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California Plots IT Makeover 


State CIO proposes | 
changes after Oracle 
contract debacle _ 


BY MARC L. SONGINI eal 
Thirteen months after Califor- | 
nia’s centralized IT agency 
collapsed amid a political | 
scandal triggered by a $126 
million Oracle database li- 
censing deal, state CIO J. Clark | 
Kelso said progress has been | 
made in reorganizing the way 
technology is procured. 

But it will still take years to 
fully resolve the problems that | 


Feds Suspend | 
MCI From 
Contract Bids 


Investigators also 
probe c -all-routing 
allegations by riv als 


BY MATT HAMBLEN 
AND DAN VERTON 

WorldCom Inc. last week was 
prohibited from competing for 
new federal contracts and 
found itself embroiled in yet 
another investigation, this one 
involving allegations that for 
years it has illegally routed 


FULL wales 


For additional 
tinancial pre 





IT operations. 


were brought 
to light by the 
controversy, 
he added. 
Kelso, who 
began over- 
seeing Cali- 
fornia’s multi- 
billion-dollar 
IT spending 
outlays in 


J. CLARK KELSO, 
California's ClO 


| May 2002 after the Oracle 


scandal had erupted, last week 
discussed a set of legislative 
proposals as well as steps that 
the state is already taking to 


California, page 47 


phone calls to avoid paying 
network-access fees to rivals. 
The U.S. General Services 
Administration said it sus- 
pended WorldCom’s eligibility 
to compete for new contract 


| bids after determining that the | 
| company, which now operates 
| under its MCI brand name, 


has yet to adequately revamp 
its internal accounting con- 
trols and business ethics. 


| Hord Tipton, CIO at the De- | 
| partment of the Interior, said 
| the GSA's decision could have 


“a big impact” on his agency’s 
“We have all 
sorts of contracts with MCI 
that are subject to renewal 


| coming up the first of Octo- 
| 


ber,” he said. “The big cost 
would be in dollars and time 
to migrate to another carrier.” 
Tipton added that GSA offi- 
cials met with agency heads 
MCI, page 12 
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| transactions will cost 


Enc 


ryption Mandate 


Puts Strain on Financial IT 


| Efforts by retail, banking 
AT Msand servers W ill tz ike years, cost billions 


BY LUCAS MEARIAN AND 
PATRICK THIBODEAU 

A mandate by credit card 
companies and related funds- 
transfer networks to upgrade 
the security of electronic 


the banking and retail 
industries billions of 
dollars in hardware and 
software and require several | 
years of intensive work to 
complete. 

MasterCard International 
Inc., Visa U.S.A. Inc. and asso- 


x industries to upgrade 


ciated ne twork providers have 


established deadlines starting 


| in 2004 for converting elec- 
| tronic funds networks to the 


Triple Data Encryption Stan- 
| dard. The DES cryptology al- 
gorithm currently in 


SECURITY use has become vulner- 


able to attacks as a re- 
sult of increases in 
computing power, those orga- 


paw 
| nizations Say. 


Beth Lynn, senior vice presi- 


| dent of network administra- 
' tion at San Diego-based Star 


TIME TO 
OUTSOURCE ERP? 


Systems Inc., the nation’s 
largest debit network, said it 
won't be long before “it will 
become easy to buy a DES 
cracker and break those [en- 
cryption] keys.” 

There have been no reports 
to date of DES-related break- 
ins. Instead, hackers have at- 
tempted to exploit other net- 
work weaknesses. “It’s a whole 
lot easier to find a Windows 
[or] Unix vulnerability,” said 
Ryan Kalember, a security 
expert at Guardent Inc. in 
Waltham, Mass. 

In much the same way that 

Encryption, page 47 


est in offloading the 


MRA] here's growing inter- 
nya 


hassles of ERP software 


to service providers, since the technol- 
ogy doesn’t provide much competitive 
advantage anymore. But some CIOs 
say that outsourcing the “brains” of 
the company is just too risky. Page 33 
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Imagine giving. 
your applications 

oye uite] Mm aceeurele 
on blade servers. 


Thanks to the blade server platform, you've 
reduced. everything—server size, space, cables, 
management overhead and most importantly, 
costs. But then you realize that even when 
consolidated, the new server platform still has 
to meet the same demands: it has to be highly 
available, secure, scalable and completely 
reliable in its performance. 


How do you meet those demands without 
sacrificing all you've just gained? F5‘s BIG-IP® 
Blade Controller software provides traffic 
management that virtualizes and load balances 
the blade server environment. Now you can pool 
blades and concentrate their power, route traffic 
to those that are performing well, and manage 
them as a single entity. And with BIG-IP Blade 
Controller loaded directly onto blade servers, 
you're guaranteed to achieve the high 
availability performance it takes to reliably 
deliver applications. 


Give your imagination free reign and your 
bottom tine room to grow. : 

Visit www.f5.com/bccw to learn more and 
experience a flash demo. Or call 800-916-7185. 
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Breaking the Paper Habit 

In the Management section: Huntington Banc- 
shares replaced paper reports with a Web- 
based system, but it didn’t count on resistance 
from managers who loved getting those 








Avoid Config Policy Potholes 


In the Technology section: Configuration tools are plenti- 
ful and can be real time-savers, Time Warner Cable’s 
George Geddis (left) found. But if you lack documented 
procedures on how to use them for each system and ap- 
plication, you could end up wasting your time. Page 19 


200,000 pieces of paper. Page 35 
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4 Hewlett-Packard chooses 
Siebel apps for a CRM consol- 
idation project that’s expected 
to reduce IT maintenance 
costs by millions of dollars. 


Vendors issue a plan for 
disclosing software security 
holes, but security researchers 
say they were ignored. 


An open-source spam-fight- 
ing tool is being beta-tested at 
Cornell University’s school 
of management. 


CERT intends to lead a proj- 
ect to promote the sharing of 
security information. 


Microsoft details new Visual 
Studio features but is vague 
about release dates. 


Offshore outsourcing could 
affect 5% of corporate IT jobs 
by 2005, Gartner reports. 


Unisys releases a major 
mainframe upgrade that ana- 
lysts say should appeal to 
current ClearPath customers. 


The Sarbanes-Oxley Act, or- 
iginally aimed at publicly held 
businesses, has implications 
for private companies as well. 


Avaya’s CEO says business is 
getting better for the network- 
ing vendor, but more job cuts 
may be in its future. 


IBM’s portal software up- 
grade will add data sharing. 


Comdex Fall 2003 woos IT 
professionals, eschewing the 
usual consumer-oriented frills. 


26 Simulations Revitalize 
E-learning. Advances in sim- 
ulation frameworks are mak- 
ing e-learning more effective. 


28 Q&A: Putting the Pieces To- 
gether. IBM software strate- 
gist Jeanette Horan talks 
about unifying the company’s 
software architecture. 


29 Future Watch: Smart Rooms. 
“Thinking surfaces” and 
rooms that remember could 
help designers of the future 
get their jobs done faster 
and better. 


30 Security Manager’s Journal: 
Data Center IDS Project a 
Nonstarter. Policy issues and 
technical glitches derail a 
project to plug intrusion- 
detection systems into a new 
data center. 
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33 Time to Outsource ERP? 
Some users say ERP is too 
critical to farm out. Others say 
it’s no longer strategic. Here 
are the two sides of the out- 
sourcing debate. 





36 Readiness Relies on Talent. 
The Navy is giving its work- 
force technical tools and in- 
formation to help them plan 
successful career paths. 


38 Case Study: ‘Team Schein’ 
Saves the Day. Henry Schein’s 
CIO, Jim Harding, recruited 
an in-house data warehouse 
team after its initial con- 
sulting firm went bankrupt 
six months into the project. 


6 On the Mark: Mark Hall finds 
that although Java is consid- 
ered secure on the desktop, it 
may create holes on hand- 
helds for hackers to exploit. 


Maryfran Johnson learns 
firsthand that false positives 
are the bane of spam-filter 
users. But she may have found 
an open-source answer. 


Pimm Fox wants you to get 
WYSIWYG for color. Without 
it, he says, you’re wasting a lot 
of money. 


Ari Kaplan warns that the 
heat is on for companies that 
ignore the pitfalls of illegal 
P2P file-sharing among em- 
ployees. 


Paul A. Strassmann cautions 
that IT consolidation doesn’t 
usually produce the promised 
synergies. 


40 Paul Glen says new IT project 
managers need supportive su- 
pervision while they adjust to 
their new roles. 


48 Frankly Speaking: Frank 
Hayes urges you to use your 
insider role to outwit the 
outsourcers who are mere 
outsiders that have their own 
— not your company’s — 
interests at heart. 
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SECURITY: Ron Nabors at Tangram Enter- 
prise Solutions suggests ways to protect your 
organization from offensive materials like 
pornography that can put your company at 
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Avoid Active Directory Pitfalls 
OPERATING SYSTEMS: Dealing with con- 
tentious administration issues in advance 
will help your operating system upgrade go 
more smoothly, says Xevos’ Mark Hynes. 
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Sponsor Pulls the 
Piug on UCITA 


WASHINGTON 


Citing widespread political oppo- 
sition to UCITA, the National Con- 
ference of Commissioners on Uni- 
form State Laws (NCCUSL) on 
Aug. 1 pulled its support of the 
controversial software licensing 
law and will no longer seek its 
adoption by state legislatures. 

One top official of the Chicago- 
based group called the action 
“unprecedented” and said it 
stemmed from intense, wide- 
ranging opposition to the Uniform 
Computer Information Transac- 
tions Act. 

“Clearly we are experiencing 
directed intense and incessant 
politics and strong opposition, 
without suggestion of concrete al- 
ternatives, from some consumer 
groups, insurance companies and 
libraries, and the allies they have 
accumulated,” said NCCUSL 
President King Burnett in a letter 
sent Friday to the organization's 
commissioners. NCCUSL is finan- 
cially supported by the states. 

Burnett said NCCUSL had be- 
come “embroiled in a political de- 
bate with unusual dimensions.” 
But he reiterated support for UCI- 
TA, noting that it will remain in 
place as a legal resource. 

Carlyle Ring, who headed the 
now disbanded UCITA drafting 
committee, said the act will re- 
main influential because it was 
adopted in Virginia and Maryland. 
He said it will continue to serve as 
a point of reference for courts 
considering such issues. 

“The law is evolving, and it ap- 
pears UCITA is influencing [it],” 
Ring said. 

That point wasn’t lost on oppo- 
nents, who said they will continue 
to combat the licensing law, 
which sets default rules for soft- 
ware contracts. Opponents said 
these rules give vendors too much 
power. 

“As long as it’s out there, peo- 
ple have to worry about it,” said 
Miriam Nisbet, legislative counsel 
for the Chicago-based American 
Library Association and a leader 
of a coalition of business and aca- 
demic groups opposing UCITA. 

- Patrick Thibodeau 
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HP Uses Siebel ‘Tools 
‘To Unify CRM System 


Project replaces 
-arlier Oracle deal 
BY MARC L. SONGINI 
Hewlett-Packard Co. expects 
to save millions of dollars in 
IT costs, standardize business 
processes and create a single 


| view of its customers through 


a large-scale implementation 
of sales, marketing and part- 
ner management applications 
from Siebel Systems Inc. 

The deal with Siebel is HP’s 


| second attempt to create a 
consolidated system for its 


sales force. In August 2001, 
Oracle Corp. announced an in- 
stallation of its Oracle Sales 
Online software at HP and 
said it expected the applica- 
tion to be rolled out globally 
by the end of last year. 

HP changed the plan to 
standardize its sales processes 
on Oracle’s software after ac- 
quiring Compaq Computer 





Corp. in May 2002, said Steve 
Bonadio, an analyst at Meta 
Group Inc. in Stamford, Conn. 

Mike Overly, vice president 
of customer operations at HP, 
said an analysis done after the 
Compaq deal showed that 
Siebel’s technology was more 
advanced than rival products. 

Using the Siebel applica- 
tions gives HP “an opportuni- 
ty to improve the customer 


| experience faster,” he said, 


adding that Oracle’s software 
“was one of many legacy CRM 
systems that were retired.” 
Oracle said its technology 
produced “significant cost 
savings for HP.” The software 
vendor added that it was “dis- 


| appointed HP decided to go 
| with another CRM vendor for 


their merged company,” but 
said it continues to partner 
with and support HP. 

In all, HP plans to transition 
about 90 existing CRM and 
partner relationship manage- 





ment systems to Siebel’s soft- 
ware, Overly said. The project 
involves installing software for 
more than 16,000 internal end 
users. In addition, about 
130,000 people at HP’s re- 
sellers and distributors will 
have access to Siebel’s collab- 
orative sales and marketing 
tools via a Web portal. 

Overly declined to disclose 
the cost of the project. But he 
said that consolidating on San 
Mateo, Calif.-based Siebel’s 
applications will save HP tens 
of millions of dollars as a re- 
sult of reduced IT mainte- 
nance costs and product sim- 


We're living 

proof of 
having too many 
siloed solutions. 


MIKE OVERLY, VP OF CUSTOMER 
OPERATIONS, HEWLETT-PACKARD 


IRS Database Upgrade Delayed Again 


BY GRANT GROSS 
The U.S. Internal Revenue 


| Service has delayed a project 


to modernize its taxpayer 
database for the second time 
in less than two years. 

The IRS last week an- 
nounced it has delayed the 


first phase of its Customer Ac- | 


count Data Engine (CADE) 
project from August 2003 to 
March or April 2004. The 
agency had originally planned 


| to move the first group of tax- 
| payers, about 6 million Form 


1040 EZ filers, to the new sys- 
tem in 2001, before the project 
was delayed until this August. 

The problems with the tran- 
sition center around the “jux- 
taposition of the old system to 
the new system,” said an IRS 
spokesman, who declined to 
elaborate. 

IRS Commissioner Mark W. 
Everson said last week that the 
agency has launched an inde- 





pendent review of the project 
through the Software Engi- 
neering Institute of Carnegie 
Mellon University in Pitts- 
burgh. The review will look at 
the performance of a team of 
contractors led by Computer 
Sciences Corp. (CSC) in El Se- 
gundo, Calif., and the agency’s 


| management of the contract 
| since it was signed more than 
| four years ago. 


The IRS has asked the insti- 
tute to recommend changes to 


CADE Budget 


See 





the project in 60 to 90 days. 
The contractors being led 
by CSC include IBM, Bearing- 
Point Inc., Northrop Grum- 
man Information Technology, 
Unisys Corp. and Science Ap- 
plications International Corp. 
The IRS said the taxpayer 
database in question is based 
on DB2 technology from IBM. 
IBM declined to comment. 
CSC issued a statement 
about the IRS review but said 
it wouldn’t comment further. 
The company said it’s confi- 
dent CADE will be in place in 
time for the 2004 income tax 
season. CSC also said it wel- 
comes the review by Carnegie 
Mellon. The contractor group 
is “eager to share its experi- 
ences and perspectives” with 
the university team, CSC said. 
“This most recent setback is 
a serious matter,” Everson said 
in a statement. “The CADE 
project has had a number of 
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plification, and it’s expected to 


| produce increased sales and 


higher customer-satisfaction 
levels. 

“We're living proof of hav- 
ing too many siloed solutions,” 
Overly said. He added that HP 
expects to get a return on its 
Siebel investment by the sec- 
ond half of next year. 

The company has been us- 
ing Siebel’s sales automation 
software since May. The next 
step is to install integrated 
marketing and call center ap- 
plications by the first half of 
next year. After that, HP plans 
to add Siebel’s analytical soft- 
ware supported by a global 
data warehouse to conduct 
more sophisticated customer 
analysis, according to Overly. 

It might be risky to install so 
many applications so quickly, 
noted Joshua Greenbaum, an 
analyst at Enterprise Applica- 
tions Consulting in Daly City, 
Calif. 

Internal politics, conflicting 
international business require- 
ments and “plain-old corpo- 
rate inertia make these kind of 
projects more failure-prone 
than most companies like to 
admit,” he said. D 


delays over the past several 
years — too many delays.” 

CADE is eventually intend- 
ed to house tax information 
from more than 200 million 
U.S. taxpayers. It will replace a 
magnetic tape-based system 
that the IRS began using about 
40 years ago. 

The old system, called the 
Master File, takes a week for 
records updates, causing de- 
lays in providing accurate 
account data on taxpayers. 

After the first delay, the IRS 
renegotiated the terms with 
the contractors working on 
the CADE project. The IRS 
spokesman said he wasn’t 
aware of any efforts to further 
renegotiate the contract. D 


Gross writes for the IDG News 
Service. 


PROBLEMS AT NASA, T00 


The space agency has been overpaying 
under a desktop outsourcing contract: 


QuickLink 40360 
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Vendors Offer Plan for Disclosing Software Security Holes 
Security researchers say their concerns 
were ignored, slam vendor ‘loopholes’ 





BY DAN VERTON AND 
JAIKUMAR VIJAYAN 
A multivendor team led by 
Microsoft Corp. last week re- 
leased new guidelines for se- 
curity vulnerability reporting 
and response. But critics of 
the effort faulted it for its lack 
of nonvendor buy-in. 

The voluntary group of ll 
security companies and soft- 
ware developers, known col- 


lectively as the Organization 
for Internet Safety (OIS), has 
been engaged in a yearlong ef- 
fort to standardize the process 
through which security re- 
searchers and software ven- 
dors work together on finding, 
fixing and releasing informa- 
tion about software vulnera- 
bilities to the public. 

In the past, software ven- 
dors and security researchers 


Open-Source Spam-Blocker 
Gets High Marks at Cornell 


BY JAIKUMAR VIJAYAN 

When the academic year be- 
gins this fall, students at Cor- 
nell University’s Johnson 
Graduate School of Manage- 
ment will be armed with what 
its CIO sees as a powerful new 
weapon to battle spam. 

For the past two months, the 
school’s IT organization has 
been beta-testing an open- 
source tool called the Spam- 
Bayes Outlook Plug-in and is 
preparing for a broad rollout. 

The SpamBayes tool blocks 
spam using a unique form of 
statistical analysis that’s far 
more efficient and customiz- 
able than any commercially 
available antispam product, 
according to Larry Fresinski, 
the school’s CIO. 

“It’s been extraordinarily 
effective,” he said. 
“It catches 99% of 
my spam.” Fresinski 
said he has contact- 
ed 20 other business 
schools to inform 
them about the tech- 
nology. 

The university has 


Outlook Plug-in with Micro- 
soft Corp.’s Outlook XP, Out- 
look 2003 Beta and an Ex- 
change 2000 server. Cornell’s 
management school is a beta 
tester of Outlook 2003, which, 
like other e-mail products, 
comes with its own antispam 


OUR TAKE 


Computerworld editor in 
chief Maryfran Johnson 

appreciates hearing from 
Fresinski and urges other 
ClOs to share their spam 
stories: Page 1€ 


HOW IT WORKS 


It first analyzes samplings 
Lee Merl Lies ere 


DM eee mer le lr tome 
clues from these samples to 
Fm a re Meier ry 
the two. 


MUR etme oe OS) oe 
Pm mL sree (eco Lt] 
calculate the probability that 
the messages are spam. 


technology. As a tester of 
SpamBayes, the Ithaca, N-Y.- 
based school has recommend- 
ed the approach to Microsoft, 
Fresinski said. 

SpamBayes is the name of 
an open-source project work- 
ing to develop an an- 
tispam filter based 
on Bayesian theory, 
a method of statisti- 
cal analysis. 

The approach is 
different from tradi- 
tional antispam 
technologies that 





been testing the SpamBayes | eee predefined rules to look 


for specific features or words 
| in mail headers and body text 
to identify unsolicited mail. 
Many of these technologies 
also use blacklists to block 
mail from certain addresses. 
The problem with such ap- 
proaches is that they rely ona 


| 
| 
| 
| 
| 


have been at loggerheads over 
the practice of full disclosure, 
under which vulnerability in- 

formation is publicly released 
before vendors have a chance 

to respond to it. 

Key elements of the process 
approved last week include a 
requirement for vendors to set 
up an established point of con- 
tact for receiving vulnerability 
information and a provision 


| that vendors should respond 
| within seven days to a vulner- 
| ability report. 


The process also sets forth a 


| predefined and general de- 





| scription of spam and not ona 


user-specific definition of the 


| term, Fresinski said. 


SpamBayes first analyzes a 
user’s legitimate e-mail and 
spam mail for clues as to what 
makes each different. It then 
applies those clues to the 
headers, content and style of 
incoming messages to deter- 
mine whether they are spam. 

The greater the number of 
initial samples and the broad- 
er the variety, the more quick- 
ly Bayesian filters can be 
“trained” to recognize spam, 


| said Brian Burton, president of 


Burton Computer Corp., a 
consultancy in LaVale, Md. 
The company has developed 


; an open-source tool called 
| SpamProbe, which uses simi- 


lar techniques to block spam. 
“That is one of the weak- 


| nesses of this approach,” Bur- 
| ton said. “You've got to get it 
| to a point where it can start 


making the right decisions.” 
Although SpamBayes won't 


| prevent Cornell’s mail servers 
| from getting spammed, it will 


allow end users to weed out 


| spam more effectively, Fresin- 
| ski said. So far, there hasn't 

| been one instance in which 

| the software has stopped 

| legitimate mail from getting 

| through or failed to stop spam, 
| he said. 


“It’s open-source software. 


| It’s free,” Fresinski said. “The 


beauty of it is that it continual- 
ly learns what is spam to you, 
and not [to] some external 


| database.” D 


| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
j 
| 
| 





30-day period to find a fix, 
during which the vulnerability 
information won’t be publicl; 
disclosed by the finder, and a 
30-day grace period after a fix 
has been issued before supple- 


| mental details such as exploit 


code can be released by the 
finder. 

The OIS guidelines are an 
effort to create a process that 
is acceptable to vendors and 
researchers and keeps the se- 
curity interests of users at the 


| forefront, said Scott Blake, 


vice president of information 
security at Houston-based 
BindView Corp., one of the 
members of the OIS. 

“The process relies on good 


| faith by both parties,” Blake 


said. “Users’ interests are the 


| primary consideration.” 


Vendors Only? 
But some independent securi- 
ty researchers claimed that 
the OIS effort is unbalanced. 

“The vendors forming the 
OIS represent anybody but the 
security researchers,” said 
Thor Larholm, a security re- 
searcher at PivX Solutions 
LLC, a Newport Beach, Calif.- 
based network security 
consultancy. 

“The OIS is a specification 


| made by vendors for vendors,” 


Larholm added. “The guide- 
lines provide absolutely no 
incentive for most security 


ess. There are simply too 
many loopholes for any ven- 
dor to continue [its] current 
process of downplaying the 


severity of vulnerabilities.” 


“Hiding information about 


| bugs hurts ordinary users and 





The O1S isa 
specification 
made by vendors for 


| vendors. The guide- 
| lines provide ab- 

| solutely no incentive 
| for most security re- 


searchers to follow 


| the process. 


THOR LARHOLM, SECURITY 


| RESEARCHER, PivX SOLUTIONS 


| systems administrators,” said 
| Georgi Guninski, a Bulgarian 


bug hunter who has discov- 
ered numerous flaws in Mi- 
crosoft products and has pre- 


| viously been criticized by the 


company for irresponsible dis- 
closure. 


“In most cases, when a se- 


| curity bug is announced by a 
| [finder], the same [finder] 


gives an efficient solution to 
the problem,” Guninski said, 
noting the lag time built into 


| the OIS guidelines. 


Scott Culp, senior security 


| strategist at Microsoft, said 
| the guidelines won't relieve 


any of the pressure that full 


| disclosure imposes on ven- 

| dors. In fact, he said, the oppo- 
| site is true, noting that there’s 

| a timetable built into the 

| process and that a company 

| researchers to follow the proc- | 


can be held accountable if it 
fails to respond to a reported 
vulnerability. 

The OIS plans to revisit the 


| guidelines in six months to as- 
| sess their effectiveness and to 

| incorporate recommendations 
| from the security community. D 


OIS Process 


1) Discovery of a vulnerability by an independent researcher. 





2) Notification of the vendor and confirmation by the vendor that it has 


received the vulnerability report. 





3) Investigation of the problem by both the vendor and the individual who 
discovered the bug to verify the claim and to ensure that the problem hasn't 


already been fixed. 





4) Resolution of the problem based on a vendor-developed fix or patch. 





5) Coordinated public release of information about the vulnerability and 


its remedy. 
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IBM, ABB Widen 
Outsourcing Deal 


IBM announced a 10-year, 

$1.1 billion outsourcing agree- 
ment with The ABB Group, a 
Zurich-based maker of power 
and industrial automation prod- 
ucts. The deal covers about 
90% of ABB’s IT operations and 
expands a pair of pilot contracts, 
valued at $600 million, that 
were signed in late 2001 for 
Sweden and India. 


Sun Resumes 
Server Shipments 


Sun Microsystems Inc. said it 
has fixed a data corruption prob- 
lem on its new Sun Fire V210 
and V240 servers and resumed 
shipments of the low-end Unix 
systems. Sun had stopped ship- 
ping the servers on June 23 af- 
ter discovering a flaw involving 
their Ethernet ports. In another 
matter, Sun this month plans to 
release a Solaris update that in- 
cludes the open-source GNOME 
2.0 desktop user interface. 


Cisco Warns of 
Wireless Flaws 


Cisco Systems Inc. warned users 
about two security holes that af- 
fect the software used in some 
versions of its Aironet wireless 
access-point technology. The 
company released a software 
patch designed to fix the flaws 
and said that attackers could 
disable unprotected access 
points via denial-of-service 
attacks or steal user account 
names from the devices. 


Short Takes 


SAP AG said it has reorganized 
its application development 
teams into three product groups, 
plus a fourth that’s responsible 
for overall application architec- 
ture. ... SUN, ORACLE CORP. 
and three other vendors released 
a proposed standard for orches- 
trating the use of Web services 
in complex transactions. 


NEWS 


MARK HALL #®*ON THE MARK 


Java Handhelds A Bigger 
Security Problem ... 


... than the desktop,” claims Shlomo Touboul, founder and CEO of 
Finjan Software Inc. Given the relatively limited hardware capabilities 
of these small devices, he says, “when they put Java into the handset, 
they took out most of the security in the JVM [Java virtual machine].” 
While that may be little more than a self-serving observation from the 
San Jose-based data security firm, it’s worth considering as companies 
begin distributing Java phones and PDAs to mobile workers. It’s also 
worth pondering by the network providers that may become a legal 


target of those who lose precious data due to 


crosystems Inc., which, while maybe not 


lax security. Touboul argues that less tech- 
nically sophisticated handheld users 
have vastly different expectations of the 
providers that offer “air-time services” 
and the devices that consume them. He 


betting the farm on the market, has at least 
wagered the back 40. Gina Centoni, vice 
president of the developer network at 
Openwave Systems Inc. in Redwood City, 
Calif., points out that Sun has the domi- 








says that PC makers “are considered 


blameless” if a virus de- 
stroys a disk drive. Not so 
for handsets. “When it 
comes to air time, I ex- 
pect my providers to pro- 
tect [the device],” he con- 
cludes. Needless to say, 
Finjan promises an an- 
swer with its Vital Securi- 
ty for Cellular product, in 
beta now at an unnamed 
network operator. It 
should hit the market in 
the fourth quarter. # If the 
handheld equivalent of 
the Nimda virus strikes 
Java phones, it could be a 
huge problem for Sun Mi- 


. 5 in 
Chicago will ship the Spirian 
Deployability 3:5 upgrade in 
mid-September. The tool, 
PME UEC som LTe Ce) ee LL 
grations and operating sys- 
Pb oe mr et melee Ul be 
zations, adds “site autono- 
my” features, letting remote 
sites have their own master 
system to greatly speed sys- 
tem transitions. The software 
license is $75 per device. 
AYla cay rw 


‘CERT to Lead Project to Promote 


nant position today with the telcos, 


which have made heavy 
investments in Solaris in 
their data centers and use 
it to deliver profitable ser- 
vices to handsets. This 
gives the creators of Java a 
huge advantage. Her com- 
pany builds tools for cell 
phone and PDA applica- 
tion developers, who are 
overwhelmingly creating 
Java apps. But that could 
change, she acknowl- 
edges. “Can Sun lose it?” 
she asks. Sadly, “yes, it’s 
possible,” she says. The 
threat is real, particularly 
with enterprises that are 
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getting comfortable with .Net for client-side 
deployment. It would be a bitter irony for 
Sun supporters to lose out to Microsoft 
in a big market because of security prob- 
lems. ® The security battle between SSL 
and IPsec is picking up steam again as SSL 
proponents point out that because IPsec 
encrypts data at the packet level, the protocol 
can’t analyze the content, the next fron- 
tier for data security. SSL scrambles the 
bits higher up the stack, so it can pursue 
the data to see if there’s a virus hiding 
amid the encrypted info. That’s just what 
Emeryville, Calif.-based SafeWeb Inc. will 
offer in the update to its security appli- 
ance in mid-August. One SEA Tsunami 
4.0 unit can handle 500 concurrent users 
and costs $9,995. = Got Linux? Got main- 
frame? Stop by the Linuxcare Inc. booth 
tomorrow at LinuxWorld in the compa- 
ny’s hometown of San Francisco for a 
sneak peek at Levanta 2.0, which will be 
formally announced next week. The Lin- 
ux provisioning software for IBM zSeries 
mainframes adds improved application 
management, distinct roles for systems 
and network administrators, and an im- 
proved GUI among other upgrades. It 
also adds best practices in the form of 
templates for proven ways to configure a Lin- 
ux partition on big iron. All this and more 
for $150k. ® A truly wireless computing 
experience would eliminate the power 
cord from your PC, and that’s just what BA 
Technologies Inc. in Las Vegas has done. 
The custom-made machines use a special 
Ethernet hub to deliver electricity on the 
four unused wires in the standard eight- 
wire cable that connects a PC to a network 
port. At $1,000, it’s a bit more costly than 
a power-cord-bound desktop. And the 
hub goes for about $50 per port. Still, for 
some of you, getting rid of some of the tangle 
around your feet will be well worth it. D 


hance emerging security data- 
sharing standards such as the 
Incident Object Description 
and Exchange Format and the 
Intrusion Detection Message 


Sharing of Security Information 


| BY JAIKUMAR VIJAYAN 


Carnegie Mellon University’s 
CERT Coordination Center, 


| security event management 
| software vendor ArcSight Inc. 


and three universities are 


| teaming up to help improve 


information sharing among 
security organizations. 

The group will undertake 
what it’s calling the Cyber Se- 
curity Information Sharing 
Project. Its purpose is to con- 
duct research and development 
aimed at improving companies’ 





ability to identify and respond 
to cyberattacks using informa- 
tion gathered from throughout 
the security community. 
Group members hope to ul- 
timately create a set of best 


| practices for the federal gov- 


ernment’s Information Sharing 
and Analysis Centers initiative, 
according to a joint statement 
released last week from CERT 
and ArcSight. 

CERT will act as the project 
coordinator, and Sunnyvale, 
Calif.-based ArcSight will do- 





nate its software to project 
partners. CERT and each of 
the three universities, which 
have yet to be named, will in- 
stall ArcSight’s event correla- 
tion and management soft- 


ware to monitor and aggregate | 


relevant information from 
firewalls, intrusion-detection 
systems and other security 
tools. CERT will consolidate 
and analyze the information to 
identify threats. 

The project will provide an 
opportunity to test and en- 





Exchange Format, said Larry 
Lunneta, a director at Arc- 
Sight. Both have been submit- 
ted as standards to the Inter- 
net Engineering Task Force. 
“We anticipate a significant 
amount of published work to 
come out of this effort” related 
to security information sharing 
and standards, Lunneta said. D 


MORE ONLINE 


For ongoing coverage of IT security issues, 
visit our Security Knowledge Center online: 


QuickLink k1600 
www.computerworld.com 





Today, if I’m lucky, 
I'll be totally ignored. 
That means systems are humming 
and data is flowing. 
If not, | have to fix it. 


i 


Preferably, before@anyone notices. 


\ 
Save the day, 


Keep bad things from reaching users and you'll get noticed for all the good you do. One way is to use an L5500 automated tape 
library with Tape Mirroring software for foolproof backup and restore. Or a D280 disk system with Remote Volume Mirroring 
software so systems rebound fast. Whatever your solution, we'll make sure you only get noticed when you want. Learn more 


about this story and other ways we can help you at www.savetheday.com “a STORAGETEK' Save the Day 
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Microsoft 


NEWS 


Lays Out 


‘Tools Road Map 


New releases to 
coincide with 
Yukon, Longhorn _ 


BY CAROL SLIWA 
ICROSOFT CORP. 
last week at the 
VS Live confer- 
ence in New York 
detailed productivity, scalabil- 
ity and performance enhance- 
ments that are planned for the 
next two versions 
of its Visual Stu- 
dio .Net develop- 
ment tools. 
The next edi- 
tion of Visual Studio, code- 
named Whidbey, just came 
out in beta and is synchro- 
nized to the SQL Server re- 
lease code-named Yukon. The 
follow-on tools release, code- 
named Orcas, is linked to the 
next version of the Windows 
operating system, which is 
code-named Longhorn. 
Eric Rudder, senior vice 


president of servers and tools 
at Microsoft, pegged the 
Yukon/Whidbey release for 
late 2004, but he said he 
wouldn’t comment on any 
Longhorn/Orcas dates that 
Microsoft has published in the 
past. Rudder said Microsoft 
will provide more details on 
Longhorn and other products, 
as well as a CD with Longhorn 
and Orcas early-access code, 
at the company’s Professional 
Developers Con- 
ference in October 
in Los Angeles. 
At Microsoft’s 
TechEd confer- 


| ence in early June, a senior ex- 
| ecutive displayed a slide con- 

| taining a road map that pro- 

| jected the release of Longhorn 


and Orcas for 2005. The next 


| version of the server operating 


system, however, was listed at 


| 2006 or beyond. 


Few details were disclosed 


| last week about Orcas. A road 
| map merely showed that it will 





support managed interfaces, 
provide enhanced user inter- 
face features and build on new 
capabilities in Longhorn, such 
as its Trustworthy Computing 
security model, improved col- 
laboration capabilities, inte- 
grated data storage, new appli- 


| cation model, and presenta- 
| tion and media improvements. 


Its predecessor, Whidbey, 
restores some features that 
Visual Basic developers had 
been clamoring for, such as 
“edit and continue,” which lets 
them debug applications, fix 
errors and continue without 
having to stop and compile. 


Additional Features 

The new tool will also signifi- 
cantly reduce the amount of 
code that Visual Basic devel- 
opers have to write for com- 
mon tasks, simplify data ac- 
cess, build in language and 
compiler innovations, boost 
compiler performance, and 
help developers correct com- 





| pile time and syntax errors in 
a manner similar to the way 
the spelling and grammar 
checker works in Word. 
Thomas Murphy, an analyst 


at Meta Group Inc., said 


what’s most noteworthy in 
Whidbey are enhancements to 


| make Visual Basic developers 


more productive, give C# pro- 
grammers greater ability to 
reuse code, and boost perfor- 
mance for C++ programmers. 
He added that in Whidbey, 


| Microsoft starts to take an im- 


portant step away from entry- 


level, bare-bones tools to en- 


terprise-class capabilities by 
better integrating version con- 
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trol, modeling and testing ca- 
pabilities. That will make Mi- 
crosoft’s offerings more com- 
petitive with those from ven- 
dors such as as IBM’s Rational 
Software division and Borland 
Software Corp., he said. 

“In order to continue to 
drive developer productivity, 
you need to tightly integrate 
the development life cycle and 
build tools that support a col- 
laborative development 
methodology,” Murphy said. 

Also last week, Microsoft 
expanded its newly renamed 
Visual Studio Industry Partner 
program, adding two less-ex- 
pensive tiers of membership. D 


Visual Studio 


CODE NAME 
Parcel ety 


w Projected ship date: Late 2004 


= New features: Simplified data access, language and 
compiler innovations (including support for generics and 


iterators); improved compiler performance; integrated code snippets to reduce 
the amount of code developers write for common tasks; XML-based documenta- 
tion; amechanism for correcting compile time and syntax errors; improved tool 
window docking model; new controls for Windows Forms; strengthened 64-bit 
support; and SQL Server Yukon integration. 





aniay\\ lal @ Projected ship date: 2005 
Orcas m New features: Support for managed interfaces, new 
user interface tools and Longhorn features, including the 


Trustworthy Computing security model, improved collaboration capabilities, in- 
tegrated data storage and new application model. 


Senior VP Outlines Longhorn Server Release Plan 


BY CAROL SLIWA 
Eric Rudder, senior vice presi- 
dent of servers and tools at 
Microsoft Corp., last week spoke 
with Computerworld about the 
direction for the next 
version of the Windows 
operating system, code- 
named Longhorn. 

Excerpts from that 
interview follow: 


Microsoft said last 
November there would 
be no Longhorn serv- 

r. Then Brian Valentine, se- 
nior vice president of the 
Windows division, told me in 
March that there might be a 
Longhorn server. Now you’re 
saying there will be a Long- 
horn server. What happened? 
We typically do a server release 
about every three years, and 


we're eagerly working on the next 

version of Windows Server as we 

speak. | think in the past people 

have been cautious about setting 

customer expectations, and that 
potentially [caused] some 
of the confusion. The 
client guys are out saying, 
“Hey, our date is x.” If we 
impart the same name, 
customers may link in 
their minds, “Oh, the serv- 
er has the same name, 
therefore it's the same 
date.” 

So | think people were a little bit 
scared about setting expectations, 
because we're pretty serious, once 
we commit to the schedule for the 
product, to try to come close to 
honor that. This is a case where 
we're clearly customer-driven in 
terms of feature set, and we're not 
date-driven on our server prod- 


ucts. We're more quality-, perfor- 
mance-, security-, dependability- 
and ecosystem-driven. 


Will we see synchronized re- 
leases of the Windows client 
and server operating systems 
in the future? | think it would be 
nice if it were synchronized, be- 
cause it probably makes it a little 
bit easier for customers to think 
about how they upgrade their net- 
works on a consistent basis. But 
we're going to be driven in the 
end by customer demands and 
quality demands, and there's a 
set of business objectives that we 
need to balance between them. 
It's hard for me to predict a year 
out what the balancing is going to 
look like in any shape or form. 


What new functionality is dri- 
ving the Longhorn server re- 


lease? With Windows 2003, we 
had the theme of “do more with 
less,” and we want to continue to 
push that forward. We want to 
make some fundamental break- 
throughs on management and 
the operations side. 

One of the big initiatives is 
what we call DSI, our Dynamic 
Systems Initiative. This is manag- 
ing the platform as a whole rather 
than as a set of technical parts, 
and it impacts how we think about 
delivering the base Windows and 
the products that work with the 
next version of the server - literal- 
ly how we design applications and 
add information to applications. 

You can think about scenarios 
where the data center sort of man- 
ages itself, because it knows that 
you've set a performance thresh- 
old, a certain application, and can 
add resources or take away re- 


sources if they're not being used. 

Of course we'll continue to ad- 
vance the application platform for 
Windows. It's important to contin- 
ue to build better apps faster, and 
you'll see us deliver the next set of 
.Net technologies in there. You'll 
see us deliver a server version [of 
the] WinFS [file system] eventual- 
ly, so that same functionality 
that's available on Longhorn client 
can be expressed in lots of differ- 
ent ways on the server. 

Then on the information worker 
side, we need to continue to ad- 
vance that set of functionality to 
get benefit to the end users. So 
SharePoint Services will be signif- 
icantly rewed, and our portal in- 
frastructure as well. 


To read the complete interview with 

Rudder, visit our Web site: 
QuickLink 40363 
www.computerworld.com 





Build a scalable 
data warehouse 
with a single 
oint of control. 


SAS’ is all you need to know. 


Only SAS provides a high-impact, low-risk way 
to achieve intelligent data warehousing. You can 
extract, transform and load data from any source, 
across any platform, while assuring quality 
Simplify the way you create and customize reports 
And deliver a shared version of the truth. To find out 
how top companies reap bottom-line rewards with 
SAS software—by leveraging the value of data 


from corporate systems, e-business channels, the 


supply chain and beyond—-visit us on the Web or call 


toll free 1 866 270 5727 


www.sas.com/warehouse 


The Power to Know, | ») Sas. 
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Gartner Says 5% of Corporate IT 
Jobs Could Go Offshore by 2005 


Most workers whose positions are 
shifted won't be redeployed, firm says 





BY THOMAS HOFFMAN 
ARTNER INC. last 
week predicted that 
between now and 
the end of next year, 
one out of every 20 corporate 
IT jobs that now exist in the 
U.S. will be moved offshore, 
along with 10% of the posi- 
tions at U.S.-based IT vendors 
and technology services firms. 

And through 2005, less than 
40% of the IT workers whose 
jobs are shifted to offshore op- 
erations will be redeployed to 
other positions by their cur- 
rent employers, according to a 
report issued by Stamford, 
Conn.-based Gartner. The re- 
mainder will simply lose their 
jobs, Gartner indicated. 

The consulting firm’s study 
draws upon employment fig- 
ures from the Arlington, Va.- 
based Information Technolo- 
gy Association of America, 
which puts the current U.S. IT 
workforce at a total of 10.3 
million people. 

M. Lewis Temares, vice 
president of information man- 
agement at the University of 
Miami in Coral Gables, Fla., 
said that Gartner’s predictions 
sound reasonable, given cur- 
rent trends. “I think the [job 
displacement] numbers may 
be at that level now,” he said. 


How to Stem the Tide 
Temares downplayed the po- 
tential effect that pro-U.S. la- 
bor legislation might have on 
stemming the flow of IT jobs 
overseas. “I’m a believer in 
market economics, so I don’t 
think legislation is the solu- 
tion,” he said. Instead, Te- 
mares believes that finding 
more effective ways to do 
technology work domestically 
would make U.S. IT shops 
more competitive with ones 
offshore. Being able to guaran- 
tee that U.S.-developed soft- 
ware is more secure than code 


| Symmetrix line 


| written by offshore workers 
| would also help, he added. 
Maria Schafer, an analyst at 
Meta Group Inc., also in Stam- 
ford, agreed with Gartner’s es- 
| timates that the number of 
jobs sent overseas by U.S. IT 
vendors may approach 10% by 
the end of next year. But 
Schafer said she thinks Gart- 
ner’s prediction that 5% of 
corporate IT jobs will be 
moved offshore by that point 


| “is wildly high.” 


Relocating jobs to other 


| 


| 





OFFSHORE IT PLANS 


eeu 
Ke Todd 


Increase by 
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By June 2004, how will your use 
of offshore IT workers change? 


AN 11°70 
-~/0 
rag to a kei 
Pee shore resources 


Base: 169 respondents to an interactive poll at Gartner Inc.'s Outsourcing Summit in June 


countries “takes a lot of differ- | 
ent pieces coming together, 
not least of which is an organi- 
zation strategy and plan, an 
available workforce and, most 


importantly, transition time,” 
Schafer said. “It takes a lot of 
effort to manage remotely 
what you’ve up to now man- 
aged locally.” 


www.computerworld.com 


Gartner analyst Fran Kara- 
mouzis said researchers at the 
company are still trying to cal- 
culate the total number of jobs 
that will be moved offshore to 
places such as India and Sin- 
gapore by the end of 2004. 
The challenge “is that there’s a 
level of new-job creation” that 
has to be factored into the cal- 
culations, she said. 

The movement of IT jobs 
offshore could be affected by 
“public and legislative pres- 
sure,” said Craig Symons, an 
analyst at Giga Information 
Group Inc. in Cambridge, 
Mass. Symons added that he 
expects the financial services 
industry to lead the offshore 
push among U.S. companies. 
Banks and brokerages have 
historically led the curve 
when it comes to adopting 
new technologies and IT 
methodologies, he noted. B 





DMX3000 model 
doubles capacity in 


BY LUCAS MEARIAN 
EMC Corp. last week upgrad- 
| ed its Symmetrix DMX disk 
| array line by announcing 
| plans to add a new high-end 
model plus native support 
for IBM’s Ficon mainframe 
| connectivity technology and 
| the low-cost Internet SCSI 
| (iSCSI) storage interconnect. 
EMC also introduced a new 
version of its Symmetrix Re- 
mote Data Facility (SRDF) 
software that supports asyn- 
| chronous replication of data 
across distances of thousands 
of miles for disaster recovery 
purposes, plus a local replica- 
tion product called EMC Snap 
that can create point-in-time 
copies of storage volumes. 
The Hopkinton, Mass.- 
based company said the 
DMX3000 high-end array will 
support up to 84TB of raw 
storage capacity and 73.5TB of 
usable space. The new model 
offers twice the capacity of 
EMC’s existing DMX2000 ar- 





EMC Adds High-End Array, 
New Connectivity Options 





ray and is due to become 
available next month. 

The SRDF/Asynchronous 
(SRDF/A) replication software 
is available immediately for 
use with all of the Symmetrix 
DMxX arrays, as is EMC Snap. 


EMC’S NEW DISK ARRAYS 








EMC said the built-in Ficon 
and iSCSI support is sched- 
uled to be added in Septem- 
ber, when the DMX3000 ships. 

Mark Popolano, CIO at 
American International Group 
Inc. (AIG) in New York, said 
he plans to use SRDF/A to 
replicate data between redun- 
dant storage-area networks 
(SAN) that he’s building at 
data centers in New Jersey 
and Texas — a distance of 
about 1,500 miles. AIG expects 
to install about 280TB of stor- 
age capacity on EMC’s 
DMX1000 and DMX2000 ar- 
rays as part of the multimil- 
lion-dollar SAN project. 

Popolano said he’s particu- 
larly pleased about EMC’s 
planned addition of Ficon sup- 
port, because AIG will use the 
Symmetrix arrays to back up 
mainframes that have a com- 
bined performance level of 
“several thousand MIPS,” as 
well as Windows NT and 
Unix servers. 


Using Less Bandwidth 

The SRDF/A software can re- 
duce bandwidth consumption 
by up to 30% by mirroring 
delta sets of data every 15 to 30 
seconds instead of constantly 
updating information as it’s 
written to disk drives, said 
Chuck Hollis, a vice president 





at EMC. The company is also 
adding native Gigabit Ethernet 
connectivity to the SRDF 
technology for Symmetrix 
DMx, which lets users repli- 
cate data remotely without in- 
stalling any channel conver- 
sion devices. 

Chuck Standerfer, an analyst 
at Evaluator Group Inc. in 
Greenwood Village, Colo., said 
that many EMC users have 
been waiting for Ficon sup- 
port, which boosts peak 
throughput between the disk 
arrays and mainframes from 
17MB/Sec. with IBM’s older Es- 
con technology to 200MB/Sec. 

EMC said its new iSCSI 
ports will let systems adminis- 
trators use IP-based SANs to 
attach low-end servers to 
Symmetrix DMX arrays for 
data backups. Such connec- 
tions previously required 
SANs based on more costly 
Fibre Channel technology. 

The company also an- 
nounced an upgrade of the 
Symmetrix DMX line’s Engi- 
nuity operating software and a 
lower-cost configuration of 
the entry-level DMX800 array. 
The new offering costs 30% 
less than the initial DMX800 
model that was introduced in 
February, but it supports only 
about half the raw minimum 
storage capacity, EMC said. D 





LOW COST. 
NO COMPROMISE. 


SUN FIRE™ V60X SERVER: 
> INTEL XEON 2.8 GHZ PROCESSOR 
> RUNS SOLARIS™ 9 OS FOR X86 OR RED HAT° ENTERPRISE LINUX” ES 


$2,450. 


SUN FIRE V210 SERVER: 
> RACK-OPTIMIZED, ULTRASPARC’/SOLARIS OS 
> INTEGRATED WITH AWARD-WINNING SUN™ ONE MIDDLEWARE 


$2,995. 


SUN STOREDGE™ 3310 SCSI ARRAY: 
> HIGH-DENSITY, MODULAR STORAGE 
> HIGH AVAILABILITY CONFIGURATIONS 


$6,995. 


SUN FIRE B100 BLADE SERVER: 
> ULTRASPARC OR X86 PROCESSOR 
> RUNS SOLARIS 8, 9, OR RED HAT ENTERPRISE LINUX ES“ 


$1,795. 


THE LOW COST MOVE IS ON 


WWW.SUN.COM/LOWCOST 
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Dell Posts, Pulls 
Handheld PC Patch 


Dell Inc. posted a software patch 
for its Axim handheld PCs but 
then quickly pulled the code from 
its Web site after hackers used 
the patch to download free copies 
of Microsoft Corp.’s Pocket PC 
2003 operating system. Dell did 
not say when it expects to reissue 
the patch, which was designed to 
fix a flaw in firmware that the 
company developed to work with 
the Microsoft operating system. 


Microsoft Says NT 
Patch Needs Fix... 


Microsoft acknowledged that a 
software patch released July 23 
can cause problems on servers 
running Windows NT 4.0 and its 
Routing and Remote Access Ser- 
vice software. The routing code 
fails when IT managers reboot 
systems after installing the patch, 
Microsoft said. An update of the 
patch is in the works, although a 
“hot fix” that hasn’t been fully 
tested is available now. 


. .. And Signs Deal 
To Settle Lawsuit 


In another matter, Microsoft said 
it has agreed to settle a patent- 
infringement lawsuit filed by San 
Jose-based Immersion Corp. The 
deal calls for Microsoft to pay 

$26 million to license Immersion’s 
interactive touch technology and 
to buy an ownership stake of just 
under 10% in the company. 


BMC Cuts Jobs 


Following Q1 Loss 


BMC Software Inc. reported a $6.1 
million net loss for its first quarter 
and said it’s laying off about 900 
employees, or 13% of its work- 
force. Houston-based BMC said 

it had revenue of $309.9 million 
in the quarter, which ended June 
30. That was up 2% year-over- 
year, but Bob Beauchamp, BMC’s 
president and CEO, said he was 
“taking fast action to improve our 
. .. financial performance.” 








NEWS 


Unisys Expands Partitioning 
With Upgraded Mainframe 


May have greatest 
appeal among 
existing users 


BY PATRICK THIBODEAU 
NISYS CORP. has re- 
leased a new main- 
frame, its most 
powerful to date, 

aimed at IT organizations that 

are consolidating servers and 
moving to Web services. 

The ClearPath Plus Libra 
185 can operate at 10,500 
MIPS, a processing speed 
that’s more than 400% above 
that of Unisys’ previous top- 
line model. It also features 
built-in .Net and Java support, 
the Blue Bell, Pa.-based com- 


| pany said. 


The system, which will cost 
$1.1 million to $22.4 million, 
depending on the configura- 
tion, is intended to support 
the Unisys Business Blueprint- 
ing strategy, which was an- 
nounced last month. 

Like Hewlett-Packard Co.'s 


| adaptive enterprise, IBM’s on- 


demand initiative and Sun Mi- 
crosystems Inc.’s N], the strat- 
egy is designed to improve a 
company’s ability to adapt its 
existing technology to chang- 
ing business models. 

John Phelps, an analyst at 


Gartner Inc., said the server’s 


added capability will have its 
strongest appeal among exist- 
ing ClearPath users. “This is a 
good growth option that they 
have,” he said. 


Bob Kenward, vice presi- 
dent of information services at 
United Fire & Casualty Co. in 
Cedar Rapids, Iowa, has been 
testing the new mainframe 
and was considering putting it 


NEW PRODUCT 


Unisys ClearPath 
Plus Libra 185 


= Up to 32 CMOS processors 
and 24 Intel Xeon processors 


= Eight partitions, 
64GB of memory 


OPERATING ENVIRONMENTS: 
MCP; Microsoft Windows 
2000 Datacenter Server; 
Windows Server 2003, 
Enterprise and Datacenter 
editions; Linux 
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in production this past week- 
end. The mainframe’s chief 
appeal is that it can support 
up to eight partitions, he said. 
Kenward’s current system fails 
over to the development ma- 
chine, halting work. But the 
partitions “give me the ability 
to keep programmers working 
when the company fails over 
to the programmers’ ma- 
chine,” he said. 

Kenward has no immediate 
plans to utilize the .Net or Java 
support but said he wants the 
latest and best mainframe 
from Unisys because he plans 
to use it for at least six years. 

Unisys said the new main- 
frame supports its Blueprint- 
ing strategy by allowing main- 
frame and packaged applica- 
tions to run on one machine. 
The system can run Unisys’ 
MCP mainframe operating 
system along with other oper- 
ating systems, including Linux 
and Windows, running on the 
various partitions. D 





Continued from page 1 


MCI 


| on Friday to assess the poten- 


tial governmentwide impact of 
MCI’s suspension, which took 
effect that day. 

Vance Hitch, CIO at the Jus- 


| tice Department, said he is 
| also concerned about the situ- 
| ation. “We sent several people 


from our telecommunications 


| group to meet with the GSA to | 
| understand exactly what this 


means,” he said. “We'll be as- 


sessing our alternatives and 


working on a strategy over the 
next several weeks.” 
By contrast, Lt. Gen. Steven 


| W. Boutelle, the U.S. Army’s 


CIO, said he doesn’t expect 


“any interruption in our abili- 


ty to provide global and perva- 
sive information.” The Army 
has a number of potential net- 
work service providers other 


than MCI, he added. 


But even GSA officials have 
acknowledged that the effects 
could be widely felt. In a May 
30 memo, GSA General Coun- 
sel Raymond McKenna said 
any shift away from MCI 
would disrupt telecommuni- 
cations services to many agen- 





cies, including military, law 


| enforcement and homeland 
| security organizations. 


MCI has 30 days to chal- 


| lenge the GSA’s decision be- 


fore it’s formally barred from 
the contracts process. But the 
company said it accepts the 


| ruling and will seek reinstate- 


ment after it finishes installing | 


| new control systems and 


strengthening its ethics office. 
A spokeswoman for MCI 

said it plans to continue mak- 

ing contract bids to agencies 


| in anticipation of being rein- 


stated. The carrier “fully in- 


| tends to be able to put into 
| place the necessary account- 


ing controls,” she said, adding 
that MCI hopes to meet the 
GSA’s requirements “some- 
time in the very near future.” 
The ruling by the GSA, 
which awards and manages 
private-sector contracts for 


|; the government, won't affect 


a MCI has a big 
magnifying 
glass on it right now. 


RICK SLOAN, MANAGER 
OF TELECOMMUNICATIONS. 
DOLLAR TREE STORES INC 





existing deals between MCI 
and federal agencies. 

The call-routing investiga- 
tion came to light when AT&T 
Corp. filed a 27-page objection 
to MCI’s Chapter li reorgani- 
zation plan in U.S. Bankruptcy 
Court in New York. AT&T said 
calls made by MCI customers 
were “knowingly and reckless- 
ly” routed through Canada 
and back to AT&T’s network. 
That resulted in “millions 
upon millions” of dollars in 
MCI operating expenses being 
offloaded upon AT&T, the 
company claimed. 

In addition, a spokesman for 
San Antonio-based SBC Com- 
munications Inc. said MCI has 
avoided access fees owed to 
SBC at a rate of about $1 mil- 
lion per week, dating back to 
its bankruptcy filing in May 
2002. Long-distance calls from 
MCI users were “disguised 
and masked” as local SBC 
calls, the spokesman claimed. 

“MCT has a big magnifying 
glass on it right now,” said 
Rick Sloan, manager of tele- 
communications at retailer 
Dollar Tree Stores Inc. in 
Chesapeake, Va. Dollar Tree 
has been an MCI customer for 
ll years and buys millions of 





dollars worth of network ser- 

vices from the company annu- 
ally, Sloan said. He added that 
Dollar Tree is now evaluating 

MCI and 16 other vendors for 

a new multiyear contract that 

will be awarded next month. 

Sloan said he thinks MCI’s 
rivals are worried that it will 
emerge from bankruptcy ina 
relatively strong competitive 
position. “In our contract 
talks, any vendor’s ethics are 
one thing among many we 
consider,” he said. But for Dol- 
lar Tree, reliability of service 
“has never been an issue” with 
MCI, Sloan added. 

In a statement, MCI CEO 
Michael Capellas said that 
MCI officials have met with 
staffers from the U.S. attor- 
ney’s office for the southern 
district of New York and 
“committed to them our full 
cooperation in their efforts.” 
He also said that MCI has 
hired an outside law firm to 
analyze the charges. 

“As [have said all along, we 
will do the right thing,” Capel- 
las said. “We have a zero-toler- 
ance policy, and if any wrong- 
doing is discovered, you can 
be certain that we will take ap- 
propriate action swiftly.” D 
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Private Companies Fee! 
Effects of Sarbanes-Oxley 


Financial reporting law could force IT 
changes even at nonpublic businesses 





BY THOMAS HOFFMAN 
When Congress passed the 
Sarbanes-Oxley Act in July 
2002, the mandates to put 
more stringent controls on 
corporate accounting prac- 
tices were primarily aimed at | 
public companies. But execu- 
tives, consultants and lawyers 
are starting to realize that 
there are both direct and indi- 
rect implications for privately 
held businesses as well. 

For instance, public and pri- 
vate companies alike must ad- 
here to the so-called whistle- 
blower provision of the finan- 
cial reporting law, said John 
Hagerty, an analyst at AMR 
Research Inc. in Boston. 

That section specifies that 
employees must be given the 
means to anonymously notify 
federal regulators or corporate 
audit committees of any po- 
tential wrongdoing within 
their companies. 

In addition, privately held 
companies would have to take 
many of the other steps man- 
dated by Sarbanes-Oxley if 
they decided to go public or 
agreed to be acquired by a 
public company, according to 
Hagerty and other analysts. 


Other Considerations 

The whistle-blower provision 
probably won't pose major IT 
implications for most compa- 
nies, beyond the need to pro- 
vide confidential methods of 
communication. 

But the stock-offering and 
merger considerations are an- 
other story. Just like their 
peers at public companies, IT 
managers who work for pri- 
vately held businesses could 
be forced to make substantial 
changes to their system infra- 
structures and data-reporting 
capabilities. 

“If you’re thinking of going 
public, or it’s even in the 


| straight losses 





realm of possibility for you, 


this is sure as heck something 
that you'd better plan for,” said 
Robert Handler, an analyst at 
Meta Group Inc. in 
Stamford, Conn., 
referring to Sar- 
banes-Oxley com- 
pliance. 

Fred Pauls, cor- 
porate records 
manager at J.R. 
Simplot Co. in Boise, Idaho, 
said the privately held agribusi- 
ness has already taken steps to 
address the provisions of Sar- 
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| banes-Oxley because it has 
| government contracts that re- 
| quire compliance with the law. 
J.R. Simplot, which has an- 
nual revenue of more than $3 
| billion, last year began index- 
ing its purchase-order system 
eae so the application 
meets Sarbanes- 
Oxley’s record- 
keeping require- 
ments. The com- 
pany is using an 


| management sys- 
| tem from Colorado Springs- 
| based Optika Inc., which it has 
| used for other purposes since 


| the early 1990s. 


automated records 





| 


Compliance Tips 


“We do comply in most cas- 
es with Sarbanes-Oxley, due to 
previous [internal financial 


| control] policies, and this soft- | 


ware system is a key part of 
that,” Pauls said. 
In the future, he added, J.R. 


Avaya CEO Sounds Hopeful Note, 
But Looks for Ways to Drive Sales 


Networking 
vendor reports 
profit after seven 


BY MATT HAMBLEN 
Avaya Inc. on July 24 ended a 
string of seven straight quarter- 
ly losses by reporting an $8 mil- 
lion profit on revenue of $1.07 
billion for its third quarter, 
which ended June 30. 

Several days before the re- 
sults were announced, Donald 
Peterson, Avaya’s chairman and 
CEO, spoke with Computer- 
world about the status of the 
Basking Ridge, N.J.-based net- 
working equipment vendor, 


which was spun off from Lucent | 


Technologies Inc. in October 


| 2000. Excerpts follow: 


On a scale of 1 to 10, how would 
you rate Avaya’s performance 
during its current fiscal year and 
in each of the past two years? At 
the end of our first year, which 
was fall of 2001, I felt like we 
were doing what we needed to 
do. We had seen a small step 


down in revenue, about 10%, 
| but earnings were up, and we 
| were generating cash, and we 
made a couple of acquisitions. 
But then the revenue fell away 
from us much more dramati- 
| cally than anticipated. 
So I would have given us an 
| 8 out of 10 one year 
| out. By the fall of 2002, 
I would have dropped 
| that toa4or5. And 
| since that time, I would 
take us back towards 
} an 8. 


| What level is your re- 
search and development 
spending at now? R&D is 

| right about 9% of revenue, 


which is about where it should | 
| could come down more, but it 


be. We can live well with 9% 

| of total revenue, keeping in 

| mind that if you looked at 

| product revenue, [which is] 
less than half of total revenue, 
we're in the midteens. That’s 

| about a $400-million-a-year 

| R&D flow, and that’s a pretty 

robust program. 


Have you stopped cutting jobs at 
Avaya? Your workforce is at near- 


ly 18,000 now, which is down al- 
most 20% from a year ago. We 
were at 34,000 full-time em- 


| ployees when we spun off 


from Lucent in late 2000 and 
are at a little under 17,000 full- 


time employees right now, and | 


part-timers and contractors 
would take it up to that 
18,000-plus number. So, 
we have taken a lot out 
of the business. 

At the same time, 
we've been relatively 
successful at keeping 
people focused. We're 
kind of at where we 
should be, but there 
will be some drifting 


| down of that number, and 





frankly, it will oscillate. It 


could expand fairly rapidly if 
we got 10% more revenue. 


| What about the economy and 


when you might see an uptick in 
revenue? The conversation is 
better out there. More of our 
customers are talking about 
the [need for an] investment 
program, and the CEOs are 
talking about looking at an in- 


| Simplot will likely take advan- 
| tage of a link between Optika’s 


Acorde Records Management 


| software and J.D. Edwards & 

| Co’s financial applications to 
| help ensure that its proce- 

| dures comply with other parts 


of the law. 
Jocelyn Arel, a partner at 


| Boston-based Testa, Hurwitz 
| & Thibeault LLP, said some 


public companies that she’s 
representing in potential ac- 
quisition deals are beginning 
to push privately held busi- 


| nesses to document their in- 


ternal accounting controls and 
processes in order to show 
compliance with the Sarbanes- 


| Oxley Act. 


“We’re starting to see that in 
the due diligence process that 
buyers are going through,” 


| said Arel, who is co-chairman 


of the law firm’s corporate fi- 
nance and securities group. D 
crease in spending. We’re get- 
ting closer to a turnaround. 


| Do you see Avaya still relying on 


voice technology in the coming 
years? I see us playing our 


| biggest role in voice. [But] I 


think what we'll deliver will 


| change dramatically. Five 
| years out, we'll be almost all 
| software running on standard 


servers. 
There will be voice applica- 

tions and core voice proces- 

sors that are major compo- 


| nents of other systems, and we 


will supply them on an OEM 
basis to people that supply the 
servers and the middleware — 
the IBMs and HPs and, hope- 
fully, Microsoft. 


You obviously like your job, but 
what problems keep you up at 
night? I do like my work. But 
struggling with the revenue 


| line clearly has been the most 


stressful part of this work. 
When you have a little bit of 
a problem, as we have had in 


| the last couple of years, fight- 


ing against that is a little dis- 
appointing some days. But 
we're getting through that, and 


| those days are fewer. 


| What do you most need at Avaya 
| now? Getting ourselves visible 
| in the marketplace. D 
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IBM Readies Portal 
Software Upgrade 


| New version adds 


data-sharing, document 
management tools 





BY MARC L. SONGINI 
IBM last week unveiled planned en- 
hancements to its WebSphere Portal 
software that are designed to let IT 
managers and end users set up data- 
sharing capabilities between applica- 
tions without resorting to the use of 
customized connectors. 

Tim Thatcher, program director of 
WebSphere Portal marketing at IBM, 
said Version 5 is aimed at helping com- 
panies get a return on their portal in- 
vestments more quickly. Key new fea- 
tures include so-called cooperative 
portlets functionality for distributing 
data from one application to another 
and separate integration tools for link- 
ing specific information stored in dif- 
ferent databases. 

The upgrade, which is due to ship 
Aug. 21, also includes a document man- 
agement function that lets end users 
centrally store financial reports, prod- 
uct specification sheets and other busi- 
ness documents so they can be shared 
with and modified by co-workers. 





Companies can use the portal software 
to track different versions of a docu- 
ment and control access to informa- 
tion, IBM said. 

The company is also adding a ver- 
sion of the software called WebSphere 
Portal Express for small and midsize 
businesses or small departments within 
large companies. The Express release 
will simplify the process of adding new 
users or changing the portal’s look and 
feel, IBM said, adding that it will also 
be packaged with instant messaging, 
chat and group calendaring tools. 

Plastic Surgery Center of Hampton 


IBM’s WebSphere 
MOaCIA esti Re) 


KEY FEATURES: 

& Simplified installation and application 
integration capabilities 

= Centralized document management 
functionality 

= Built-in spreadsheet, text editing and 
data presentation tools 


PRICING: $87,000 per processor for the 
Enterprise version; $33,000 per CPU for 
the Express release 





www.computerworld.com 


Roads, a medical facility in Newport 
News, Va., has been beta-testing Ex- 
press since January along with add-on 
messaging and single sign-on tools de- 
veloped by a third-party vendor. 

Patricia Stibbs, practice administra- 
tor at the center, said the portal appli- 
cation has already paid for itself 
through improved staff productivity 
and a reduction in paper-based manual 
processes. The medical facility has 
also been able to centralize “the 
tremendous amount of information 
running in the office,” she said. 

Stibbs said that within the next 90 
days, the company plans to go live with 
the document management feature, 
which will let employees securely 
share confidential data via WebSphere 
Portal. It also plans to tie the portal 
into a new back-end billing system that 
will be based on a set of packaged ap- 
plications that have yet to be chosen. 

IBM has improved the WebSphere 
Portal installation process to make it 
easier to roll out the software in a test 
environment before doing a full-blown 
implementation, said Laura Ramos, an 
analyst at Forrester Research Inc. in 
Cambridge, Mass. The process is also 
more modular, allowing users to skip 
steps or swap out some of the underly- 
ing components more easily, she noted. 

There is no clear leader in the portal 
market at this point, Ramos said, but 
she added that IBM offers the widest 
range of native capabilities for sup- 
porting transactions, applications and 
content aggregation. DB 





Comdex Fall 2003 to Target IT Professionals 


BY CAROL SLIWA 
You won’t find booths pitching mas- 
sage chairs, refrigerator magnets or 
shoe insoles this November on the ex- 
hibition floor at Comdex Fall 2003 in 
Las Vegas. 

Eric Faurot, vice president and gen- 
eral manager of Comdex, said late last 
month that the computer trade show’s 
focus will be on addressing the busi- 
ness-to-business needs of IT profes- 
sionals. 

“It’s important for us to eliminate 
the notion of consumers coming to 
Comdex,” Faurot said. “Our goal is to 


| be the industry event for IT.” 


Questions swirled about Comdex’s 
future when Key3Media Group Inc., 
the company that produced Comdex 
and other high-profile technology 
trade shows, filed for Chapter 11 bank- 
ruptcy protection in February [Quick- 
Link 36120]. But the company an- 





nounced in June that it had emerged 
from Chapter 1] and that it would 
change its name to MediaLive Inter- 
national Inc. and relocate its head- 
quarters to San Francisco [QuickLink 
39372]. 

With the event’s new focus, gone 
will be the digital lifestyles track. In- 
stead, Comdex will be a “best-of- 
breed” conference focused on seven 
core themes: wireless and mobility, 
Web services, digital enterprise soft- 
ware, on-demand computing, open- 


| source, security, and Windows and 


-Net, Faurot said. 

One way that Comdex organizers 
will try to attract a higher-quality audi- 
ence is by charging an entrance fee. 
Those who preregister will pay $50, 
while those who register on-site will 
pay $100, Faurot noted. 

So far, 150 vendors have committed, 
and organizers are in talks with anoth- 





| er 400 to 500, according to Faurot. 


He said there were about 900 ex- 
hibitors last year. 

Microsoft Corp. signed up about 
three months ago, and its chairman 
and chief software architect, Bill Gates, 
has once again agreed to deliver the 
opening keynote, Faurot said. 

Comdex will be positioned similarly 
to June’s CeBIT America in New York. 
That show, the first CeBIT event to be 
held in the US., also had a business-to- 
business focus [QuickLink 39174]. But 
Faurot said there’s “definitely room, 
as the market bounces back, for more 
than one event.” He noted that CeBIT 
America now fills the vacancy left by 
PC Expo in New York, which tended to 
have a regional draw. 

“They’ve got a great brand interna- 
tionally, but it’s going to take them a 
while to build awareness in the New 
York market,” he said. D 
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OPINION 


MARYFRAN JOHNSON 


kirmishing With Spam 


HEN I cranked up my spam filter 

settings to “aggressive” not long 

ago, I saw a gratifying drop in the 

number of junk e-mails sneaking 

through Computerworld’s filtering 
service. But I quickly discovered the downside of my 
e-mail tinkering: one irritated husband and one be- 
wildered daughter, both of whom had sent e-mails 
that were caught as “false positives” and plopped 
into the spam bucket by mistake. 


“You blocked me, 
Mom?” said the daugh- 
ter. “Expletive deleted,” 
said the husband. 
So I wasn’t surprised 
last week to see false 
positives referred to as 
“the biggest challenge in 
the spam wars,” in our 
cover story on “Spam 
Battle Plans” [QuickLink 
39842]. False positives 
can lead to lost business, 
angry customers and 
mutual frustrations galore. Spam just 
keeps getting better at getting worse, 
doesn’t it? With an estimated 50% of 
all incoming business e-mail now 
likely to be spam, legitimate mes- 
sages are swimming upstream like 
exhausted salmon in the wrong river. 
“When you're receiving 60% less 
e-mail due to spam blocking, you 
wonder what you’re missing,” says 
Rob Buchwald, security manager at 
Ohio-based Moen Inc. [QuickLink 
39841]. Moen, which sells residential 
and commercial plumbing supplies, 
grew weary of the system-tinkering 
required every hour to keep e-mail 


even personal e-mails are 
considered junk. (“You 
blocked me, Mom?” “No, 
honey, my IT department 
did.”) Of course, financial 
necessity plays a big role 
in all industries, since pil- 
ing on e-mail servers and 
storage to cope with spam 


is an unwelcome strain on | 


budgets these days. 
So are there any happy 
endings to spam stories? 
Perhaps. Our article on 
spam drew the attention of one CIO 


who believes he’s found a way to de- 
| feat it. Larry Fresinski of Cornell’s 


S.C. Johnson Graduate School of 


| Management e-mailed me about his 


discovery, and thankfully his mes- 
sage made it through my filter gant- 


lists and rules updated to block spam. | 


The company turned the whole mess 
over to a service provider — and 
now only one message in 5,000 is 
blocked as a false positive. 
Legitimate e-mail getting sidelined 
because of spam is a particular pain 
for certain industries, such as health 
care and financial services. One 
medical center we wrote about takes 
such a hard-line stance on spam that 


| is specific to each person and what 


| let. He’s testing an open-source spam 
| filter called SpamBayes that seems 

| to work well with Microsoft’s Out- 

| look 2003 (see story, page 5). 

“I’ve turned the Outlook filtering 
off and rely on this now,” says Fresin- 
ski, who is part of Microsoft’s beta- 
testing group for Outlook 2003. The 
| code for the SpamBayes Outlook 
plug-in (http:/Atarship.python.net/ 
crew/mhammond/pambayes/) can 
be installed quickly, and it’s regularly 
updated, he says. It also works with 
Outlook 2000 and Outlook XP (but 
not with Outlook Express). 

“SpamBayes is a little-known effort 
that’s making tremendous progress. 
It’s a very effective tool — 99% of my 
| spam is being captured,” Fresinski 
says. “The beauty of it is that it con- 
| tinually learns what is spam to you 
| and not to some external database.” 
That speaks to one of the big issues in 
the spam battles — and the reason it 
can’t be blocked or attacked as com- 
prehensively as viruses can. “Spam is 
not generic,” Fresinski notes. “Plenty | 
of it is similar, but a large amount of it 


| 
| 


they consider to be spam.” 

As the spam wars keep escalating, 
it’s nice to hear from one of the vic- 
tors. If your defenses are holding up, 
let us know so we can share your 
| battle plans with your colleagues. D 
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PIMM FOX 


WYSIWYG 
For Color 


HAT YOU SEE isn’t 
what you get. 
That’s the prob- 


lem with color. 

Although inexpensive desktop print- 
ers, monitors, scanners and digital 
cameras have made color widespread 
inside businesses today, they haven’t 
ensured color fidelity or consistency. 
Producing consistent color from start 
to finish has required guesswork by 
designers, art directors and commer- 
cial printers. 

Until now. 

The color management system de- 
veloped by the International Color 
Consortium (ICC) enables color coor- 
dination from monitor to desktop 
printer to press. This should cut down 
on the number of pricey proofs and re- 
duce the likelihood that you'll get 
poorly matched col- 
ors and disparate re- 
sults that add time, 
money and stress to 
a process that ought 
to be about greater 
customer value. 

For example, color 
for a logo can appear 
different on any giv- 
en monitor, different 
when reproduced 
by a desktop color 
printer and different 
again when rolling off a color press. 
Color models that use numerical val- 
ues to describe color, such as RGB 
(red, green and blue — for monitors) 
and CMYK (cyan, magenta, yellow and 
black — for print), can help designers 
designate what they want, but they 
don’t offer consistency over the range 
of I/O devices and applications. 

The profiles set by the ICC (www. 
color.org) make it possible to accurate- 
ly interpolate color from one device to 
another. They also confirm the notion 
that industry standards bodies can pro- 
duce more than abstracts and policy 
pronouncements. Use of the IT-based 
industry standard offers customers 
lower prices, quicker execution times 
and consistent output across different 
media. 

Here’s how it works. 

A spectrophotometer, an instrument 
for measuring color samples that you 
can get courtesy of your local printer, 
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uses color outputs from your different 
devices to create ICC profiles that are 
calibrated to that printer’s press. Once 
the devices, drivers, operating systems 
and applications are profiled, they’re 
translated into something called a 
common color space that’s embedded 
in the ICC profile. (ICC profiles are 
supported by graphics applications 
such as Adobe’s Photoshop, Illustrator 
and InDesign.) I/O devices can read 
this translation, making it possible to 
match results against offset, gravure, 
ink-jet and laser printers as well as 
CRT and LCD displays and video pro- 
jections. In addition, ICC profiles can 
note the device link and named colors 
such as those found in Pantone’s and 
TrueMatch’s color libraries. 

Dave Wilson, general manager of 
Oxnard, Calif.-based Venture Printing 
Co., says clients who install ICC pro- 
files on their own computers will re- 
duce surprises at the press and realize 


savings by eliminating multiple rounds | 


of proofing. 
And that way, what you see is what 
you get. D 


ARI KAPLAN 


Sharing Is 
Nice, but It’s 
Also a Crime 


OURTS in the U.S. are 

reportedly issuing 

about 75 subpoenas 
per day at the request of the 


music industry in its fight against 
anonymous users of peer-to-peer soft- 
ware. The question now is, When will 
grand juries begin handing down in- 
dictments? That’s right, indictments, 
as in, Go to jail, go directly to jail, do 
not pass go, do not collect 200 MP3s. 

In a recent telephone conversation, 
Rep. Anthony D. Weiner (D-N.Y.), a 
member of the House Judiciary Com- 
mittee’s Subcommittee on Courts, the 
Internet and Intellectual Property, 
commented that “the marketplace is 
ripe for criminal prosecution of digital 
file sharing because the problem is 
getting worse and having a more dra- 
matic impact on the economy.” 

Until recently, companies wanted 
their employees to avoid peer-to-peer 
activities at work to eliminate distrac- 
tions, avoid network slowdowns, mini- 
mize security risks and slow the spread 
of viruses. Now they must also be con- 





cerned about facing civil 
penalties for contributing to 
copyright infringement. 
Imagine the public relations 
nightmare that a criminal 
prosecution of an employee 
would cause, especially if he 
used the company’s comput- 
er to commit the crime. 

fears ago, there was an 
interesting loophole in the 
Copyright Act — people 
who intentionally distrib- 
uted copyrighted material 
over the Internet didn’t face 
criminal sanctions if they didn’t derive 
any profits from their actions. In 1997, 
however, the NET (No Electronic 
Theft) Act amended the law so that fi- 
nancial gain was redefined to include 
the mere expectation of receipt of any- 
thing of value, which specifically in- 
cluded other copyrighted material. 
Now it’s a federal crime to share (not 
just sell) copyrighted files. 

On July 16, the Author, Consumer, 
and Computer Owner Protection and 
Security (ACCOPS) Act of 2003 was 
introduced to further amend the Copy- 
right Act. Under ACCOPS, a single file 
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upload to a file-sharing site 
would meet the 10-copy, 
$2,500 threshold of felo- 
nious copyright infringe- 
ment. Penalties could in- 


clude up to five years in jail | 
| of files that are stored throughout the 
| network for illicit materials. 


and as much as $250,000 in 
fines. Weiner, a co-sponsor 
of the bill, warned that 
“there is going to be an in- 
creasing focus on using the 
tools of the law to stop this 
problem.” 
Corporations should be 
especially concerned, given 
the study released in mid-July by Ot- 
tawa-based AssetMetrix Inc. (down- 
load a PDF at www.assetmetrix.com/ 
pdf/p2prisk.pdf or see story at Quick- 
Link 40012), which showed that of 560 
companies polled, three quarters had 
peer-to-peer software loaded onto 
their systems. “P2P file sharing has 
been elevated from an IT-related issue 
to an executive issue. CEOs and CTOs 
are fearful of the legal liabilities and 
having their corporate names dragged 
down by use of these services by their 
employees,” says AssetMetrix Presi- 
dent Paul Bodnoff. 


aaa 


In order to avoid the spotlight, IT 


| managers should do the following: 


@ Implement programs to detect and 
block P2P access (though they aren’t 
foolproof). 

® Perform random keyword searches 


®@ Scan networks to determine how 


many computers use P2P programs, 

| how many files have been transferred 
| and how much space those files have 
| consumed. 


® Limit the amount of hard drive 
space or the number of CD-RW drives 
available to employees. 

@ Launch an aggressive educational 
program to alert employees to the 
company policy on file sharing. 

By taking these proactive steps, 


| companies may avoid association with 
| the first criminal prosecution for file 


sharing. After all, the Department of 
Justice doesn’t accept “get out of jail 
free” cards. D 
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DHS Didn’t Have to 


Choose Microsoft 


CCORDING TO the headline of 

your July 21 article, “DHS Had 
Little Choice but to Sign Microsoft 
Deal, Despite Security Flaws” 
[QuickLink 39989]. What about 
Mac OS X on the desktop and the 
National Security Agency's securi- 
ty-enhanced Linux servers? Either 
alazy IT hack didn’t want to put 
forth the effort to implement any- 
thing other than another layer of 
Microsoft “insecureware,” or this 
was a case of good old-fashioned 
Washington deal-making. What 
bothers me is the implication by 


the DHS IT people that changing to | 


anything but Microsoft software 
would cause the end of the world 
as we know it. They ought to talk to 
Wall Street, because Linux rules 
everywhere that security and sta- 
bility are concerns. 

David A. Gregory 

Marion, Ark. 


HE DHS DEAL with Microsoft is | 


So frightening it’s like a disaster 
movie. According to Roger Cres- 
sey, former chief of staff of the 
President's Critical Infrastructure 


Protection Board, “They had a 
choice, but it would have been 
costly and time-consuming.” This 
statement is ignorant and disre- 

| gards the world of alternatives 
available. | find it especially signifi- 
cant that Bill Gates has the ears of 
people in high places. 

Joey Mele 

Consultant, JBT Production 
Services, Las Vegas 


| Stolen Fingerprints 
No Security Threat 


Taggart, who was quoted regard- 


other bioprints could be stolen by 
hackers, is president and CEO of a 
company that makes smart cards 
with encryption keys [“The Next 


| Chapter: IT Security,” QuickLink 


39535]. Stolen fingerprints are 
worthless for accessing a system 
that uses fingerprint scanners that 
first detect whether a finger is 
“alive” before even attempting a 
scan. These cheap, reliable scan- 
ners, such as the Ethenticator my 
company uses, first detect the 
presence of bioelectrical activity 





beneath the skin caused by a per- 


TIS CURIOUS that Malcolm Mac- 


ing the danger that fingerprints and | 





son's nervous system. They also 
determine if real skin is being 
scanned. No James Bond here! 
Steal all the fingerprints you 
want. | will even send you mine. 
They won't do you any good. Now, 
steal my smart card with all of my 
digital certificates on it - that's a 
different story. 
James Byers 
Founder and CTO, ValidX 
Technologies Corp., Houston 


Mobile Insights 


ENJOYED RUSSELL KAY’S re- 
cent article on Centrino note- 


books [“Laptops for the Long Haul,” 


QuickLink 39397]. However, the 
“standard” pricing quoted in the 
article is somewhat misleading. 


We recently performed an evalu- 
ation for our corporation and quick- 


ly narrowed our choices to two 
computers that were reviewed in 
the article, the Dell and the IBM 


ThinkPad. In a competitive bid situ- 


ation, the price difference between 
these two contenders is negligible. 
| would encourage your readers to 
aggressively negotiate with ven- 
dors. Even if the order is in the 
hundreds and not thousands of 


| units, the pricing does change 


And while on the topic of mobile 


| devices, let me say that the only 


way that a Wi-Fi service will make 
money is if it's offered for free 


| [“Businesses See Wi-Fi as Poten- 
| tial Lure,” QuickLink 39794]. It's 

| ridiculous to assume that |, as a 

| business traveler, am going to sign 
| up for monthly plans with various 


providers, depending on where my 


| travels take me. However, | will go 


out of my way to book lodging or air 
travel with companies that offer 


| Wi-Fiasan amenity 
| Paul Lourd 
| Director of IT, UST Inc., 





Greenwich, Conn. 
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Putting the Pieces Together 
Jeanette Horan, IBM’s chief soft- 
ware strategist, has her hands full 
coordinating the offerings of the 
vendor’s five different software 
groups. Page 28 


OPINION 
The Search for Synergy Through Consolidation 


Paul A. Strassmann says that unless your company 
understands the problems that can arise from consoli- 
dating IT systems and is prepared to address them, 
the much-vaunted synergies from consolidation won’t 
materialize. Page 31 


| 
| 
| 
| 
| 
| 


Simulations Revitalize E-learning 
Advances in simulation frameworks and a 
new emphasis on blended learning are 
making e-learning more effective, cheap- 
er and easier to deploy, leading many 
companies to apply it to on-the-job train- 


ing. Page 26 











Configuration tools 
without solid how- 
to policy guides 
will hinder server 
management. By 


Robert L. Scheier 


configurations and the changes needed 
on about 20 Windows servers as well. 

He can’t simply reuse the server 
policies for his workstations; there are 
far more differences among servers 
than there are among workstations, 
and the servers run more critical appli- 
cations than the workstations and have 
different needs. 

Sometimes server configuration re- 
quires compromise, Geddis says. For 





OR GEORGE GEDDIS, choos- 
ing software to help him 
configure his servers was 
easy. The hard part was us- 
ing that tool with different 
types of systems. 

Geddis, a business analyst at cable 
operator Time Warner Cable Inc. in 
Raleigh, N.C., ran into this challenge 
last December after buying Security 
Update Manager from Woodland Park, 
Colo.-based Configuresoft Inc. to dis- 
tribute security patches to 700 desktop 
le Geddis of | mY Oro 1 z | systems. 
sali : | On the workstation side, Geddis ‘s 
developing a set of policies completely 


| different from those for servers for de- 
& termining whether a security patch is 

important enough to install, how to 

| test the patch and how to track the 

| process so the patch can be removed if 
it causes problems later. 

| “The tool has forced us to go back to 

| document a process to make those de- 

| cisions — which is a good thing,” says 

| Geddis. He’s repeating the policy- 


creation process with Configuresoft’s 





seTTe)ge| 








| Enterprise Configuration Manager 
(ECM), of which Security Update Man- | 
| ager is one component, to track the 


Potholes 


example, if he had a machine used for 
both database and Web serving, he’d 
have to decide between his database ad- 
ministrator’s arguments to tighten secu- 
rity on the server and his Web adminis- 
trator’s arguments for somewhat looser 
security to make access easier. 

Using ECM to understand the differ- 
ences in configurations among his 
servers forced Geddis to improve his 
change management policies so he can 
undo patches or other configuration 
changes that might crash a server. 
That, in turn, he says, “highlighted the 
need for a better test environment. As 
we fill in one hole, we discover new 
holes” in the company’s server config- 
uration management processes. 

That’s why systems administrators 
looking to automate server configura- 
tion management can expect to spend 
less time choosing a tool than they do 
deciding on the “ideal” configuration 
for different types of servers and setting 
up procedures to test and then track the 
changes made to the servers over time. 

Even as vendors roll out “utility com- 
puting” strategies that require server 
configuration tools to deliver comput- 
ing on demand, they acknowledge that 
the tools are less important than the 
policies their customers follow. “If they 
just run around with neat tools that can 
allow them to apply patches on the fly 
or change configurations on the fly, 
without testing, without going through 
a defined process, they’re going to end 
up with very unstable environments 
very quickly,” says Allan Andersen, vice 
president of Unicenter IT Resource 
Management at Computer Associates 
International Inc. in Islandia, NY. 

Continued on page 22 
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Continued from page 19 

Andrew Tessier, lead technical archi- 
tect at Park Nicollet Health Services in 
Eden Prairie, Minn., is pleased with the 
mix of IBM and Tivoli management 
tools he has in-house. But his staff has 
been too busy to properly set up the 
automated features of those tools. “We 
end up doing a lot of this stuff manual- 


ly, and not as efficiently” as possible, he | 


says. He expects the situation to im- 
prove this year and next as the health 
care provider devotes more of its staff 
to automating server management. 
Configuration management tools 
generally collect detailed information 
about servers, ranging from their oper- 
ating systems and applications down 
to detailed information such as set- 
tings in the Windows Registry that 
control vital system functions. 


Most monitor the servers for changes, | 


such as the installation of a security 
patch, and in some cases can distribute 
software, make changes to the configu- 
ration of the servers, dynamically re- 
allocate server capacity, update securi- 
ty settings or perform other actions 
based on predetermined policies. It’s a 
market that Giga Information Group 
Inc. estimates will increase from $1.25 
billion last year to $1.75 billion this year. 

Just having an up-to-date inventory 
of what’s running on his 110 Windows 
servers has made it easier for Ismael 
Pimienta, a network specialist at the 
University of Miami, to distribute and 
install patches. 





“One of the biggest problems when 
you have a lot of servers is keeping 


track of who has what,” he says. Using 


Configuresoft’s ECM, he doesn’t have 


to figure out which ones have Internet 


Information Server or SQL Server 
2000. “I can group them by either op- 
erating system or application and roll 


out the patches appropriately,” he says. 


“We’re in much better control of our 


servers, from the standpoint of securi- 


ty and access and services.” 


Extended Capabilities 


Some tools focus on operating sys- 
tems. Others spotlight applications. 


And still others go beyond monitoring 


and managing servers and desktops 
with at least some capabilities for 
monitoring and managing other com- 


ponents, such as storage and networks. 
For example, Veritas Software Corp. 


in Mountain View, Calif., is adding 
server management to its established 
lineup of storage management tools. 
Using OpForce 3.0, an IT manager 


| could tune the virtual disk environ- 


ment of a server to optimize it for a 
database application and then clone 
that configuration to other servers on 
the network, says Marty Ward, directo 
of product marketing at Veritas. 

The information gathered by such 
tools is valuable for other purposes be 


sides configuration management. Ged- 


dis uses the data collected by ECM for 
everything from monitoring whether 
he has enough licenses for all of the 


ate emergency recovery disks for any 
Within the next 18 months, Micro- 


Management Server and Microsoft 
Operations Manager products so cus- 
tomers can have a single view of the 
software inventory and system opera- 
tions data provided by the respective 


manager in Microsoft’s enterprise 
management division. 


Windows workstation in the company. 


tools, says Bill Anderson, lead product 


copies of Microsoft Office his company 
uses to storing the data needed to cre- 


soft Corp. plans to combine its Systems 


Microsoft also recently announced its 


Dynamic Systems Initiative, a new soft- 


ware architecture designed to simplify 
and automate the deployment of “dy- 


namic” applications that can use more, 


or less, computing and network re- 


scheduled for release this fall, which is 
designed to make it easier to deploy 
Windows 2000 and 2003 servers. 
Pimienta uses the domain policies 
within Microsoft’s Active Directory to 


sources as needed. The first implemen- 
tation of the architecture will be Micro- 
soft’s Automated Deployment Services, 


control his servers’ security settings. He 


would like to see an easier-to-use inter- 


I | face than that included with Active 
Directory’s own management tools. 

| Realizing they need advice in addi- 
| 

| 


tion to software, some customers are 


(ITIL). Originally developed by the 
British government, ITIL is a set of 
best practices for IT management that 


turning to the IT Infrastructure Library 


is gaining respect among customers 
and vendors. Microsoft, for example, 
used ITIL as the foundation for the 
Microsoft Operations Framework, its 
packaged advice for improving IT sys- 
tems built with Microsoft products. 
Once customers begin using the proc- 
esses described in ITIL, they stop 
“struggling” with server management 
and begin performing software updates 
and configuration changes with a suc- 
cess rate above 99%, says Anderson. 

Configuresoft ships ECM with tem- 
plates that tell customers how to con- 
figure their systems to comply with, 
for example, security standards from 
Microsoft and the SANS Institute, says 
Randy Streu, vice president of product 
management at Configuresoft. 

With IT staffs reduced by layoffs 
scrambling to apply more frequent 
patches to more applications, good 
processes “are the only thing that 
stands between you and madness,” 
says Andersen. No matter what soft- 
ware configuration tools vendors come 
up with, staying sane will require 
knowing how to use them right. D 





Scheier is a freelance writer in Boylston, 
Mass. He can be reached at rscheier@ 
charter.net. 


VMS COME TO BLADE SERVERS 


Partitioning mainframes is old hat. Now virtual 
machines are becoming viable on blade servers: 


QuickLink 40041 
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Server Configuration Tools Sampler 


Vendor & Product(s) 


BindView Corp.: BindView 
Compliance Center 


BMC Software Inc.: Application and 
server tools include Mainview 


Claimed Capabilities 


Detects and reports on deviations from corporate 


policies for configuration of servers and other 
elements of the IT infrastructure. 


Mainview for Linux monitors and manages Linux 


running on IBM's mainframe z/VM operating 


management 
for Linux Servers, Patrol for Oracle on Linux 


system. Patrol for Oracle on Linux monitors and 
manages Oracle database servers. 


Unicenter Asset Management discovers hardware 
and software configurations; Unicenter Software 
Delivery distributes patches and other software. 


Automatically rolls back critical workstation and 
server configurations to preset standards if they are 
changed; maintains an audit trail of changes. 


SMS 2003, due in the fall, 
will feature better integration with Windows 
and more granular asset discovery 
than previous versions. 


Integrates server management with storage 
management; provides automatic policy-based 
changes to server configurations; automatically 

discovers network attributes to communicate 
and distribute software among servers. 


COOP e eee eee ORE H EEE HEHE SESE HES ESOS SEES EEHEES ESET ESHEETS ESET HEHE SOR EED 


Windows 2000/2003, NT, IIS, Exchange and 
SQL Server now; support for other platforms, 
including Unix and Linux, expected later. 


Mainview for Linux runs on IBM zSeries 
mainframes and its z/VM operating system; Patrol 
for Oracle runs on Linux virtual machines on the 
ZSeries and on Intel-based platforms. 


A variety of Windows, Unix and Linux platforms. 


Windows NT Server 4.0 and higher, 
Windows NT Workstation 4.0 and higher, and 
Microsoft SQL Server 2000 or higher. 


Windows 9x, Windows NT Server or Workstation 
3.5 or higher, and Windows 2000 or higher. 


Windows, Linux and AIX now; 
HP-UX within nine months. 
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Pricing begins at $200 per managed server 
and $5 per managed workstation. It requires 
bv-Control, which is $795 per server 
and includes software update capabilities. 


Patrol for Oracle on Linux starts at $1,440 per 
workgroup server. Mainview for Linux Servers 
starts at $170 per desktop. 


Pricing for each begins at $189 per server. 


Pricing begins at $995 per server and 
$30 per workstation. 


SMS begins at $1,129 per server; 
MOM begins at $349 per processor. 


Pricing begins at $8,000 for Intel platforms 
(one server managed) and at $15,750 for Unix 
platforms (one server managed). 
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We can. That's why IBM has devoted a tremendous amount of resources to Linux. 
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E-learning simulation frameworks have 
become cheaper and easier to deploy, 
leading many companies to apply them to 
on-the-job training. By Thomas Hoffman 


HEN ONE OF THE 250 cus- ; such as AT&T Corp. and the U.S. De- 


tomer service represen- 

tatives in Time Warner 

Cable Inc.’s Western 

Ohio division is unsure 
how to enter a customer service work 
order into the company’s subscriber 
management database, he clicks on an 
e-learning simulation of the applica- 
tion to get a step-by-step tutorial. 

Like other modularized simulations 
available through Time Warner Cable’s 
intranet, the work-order simulation 
(developed using SoftSim from Out- 
Start Inc. in Boston) lasts only about 
five minutes. And because users are 
able to toggle between the simulation 
and the subscriber management data- 
base, they’re able to get on-the-job 
training in addition to their initial 15 
days of classroom training. 

“Once we release [customer service 
representatives] to the field, we'd 
rather not take them out of production 
for follow-up training, if it’s something 
we can deliver to the desktop,” says 
John P. Sullivan, director of training 
and development at Time Warner 
Cable’s Western Ohio division, in 
Kettering. And although the company 
hasn’t tried to measure the productivi- 
ty gains that on-the-job e-learning 
simulations are providing, he says, 
“our call center directors are telling 
us how valuable this is.” 

Time Warner Cable’s experiences 
with e-learning simulations are consis- 
tent with those of other organizations, 


IONS 





partment of Agriculture (USDA). 

Recent improvements in compres- 
sion technology and wider availability 
of high-speed network bandwidth have 
made it possible for companies to in- 
stall simulations throughout corporate 
networks and intranets while adding 
high-fidelity multimedia such as 
streaming audio and video, says Steve 
Walsh, director of marketing at X.HLP 
Technologies ASA in Waltham, Mass. 

“It’s fairly easy now to put the same 
information on everybody’s desktops 
and update content as needed” using a 
distributed Internet-based approach, 
says Rich Mesch, vice president of 
design and development at Strategic 
Management Group Inc., an e-learning 
systems provider in Philadelphia. 

“That’s a real boon for business 
simulation, where business [require- 
ments] can change daily and compa- 
nies struggle to get a common message 
out to everyone,” says Mesch. Plus, in- 
tranet- and network-based simulations 
make it easier for companies to store 
and track user data, he adds. 


Widely Dispersed Users 
The USDA is one organization that’s 
using simulations as a training re- 
source. In April, the agency began 
rolling out Cary, N.C.-based Global 
Knowledge Inc.’s OnDemand simula- 
tion system to provide 60,000 geo- 
graphically dispersed federal workers, 
including about 500 human resources 
managers, with step-by-step instruc- 
tions on the use of PeopleSoft Inc.’s 
PeopleSoft 8.0 human resource man- 
agement system (see “The USDA's 
E-Learning Simulation,” next page). 
With so many potential users strewn 
across the country, “it’s very helpful 
that I don’t have to install this on indi- 
vidual machines, that it’s available via 
the Internet,” says Hans Heidenreich, 
a USDA project director based in 
Beltsville, Md. 
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But the biggest drivers of customer 
adoption of e-learning simulations 
have been lower costs and the emer- 
gence of reusable frameworks that let 
instructors create and deploy text, 
audio and video content on the fly. 

“A couple of years ago, you might 
have been talking $200,000 for an 
hour-long course,” says James Lundy, a 
vice president at Stamford, Conn.- 
based Gartner Inc. “Today, using still 
shots instead of custom video, you’re 
talking $20,000.” And although a high- 
end simulation complete with rich au- 
dio and video capabilities can run as 
high as $5 million, low-end, text-based 
simulations can cost as little as $10,000 
to develop, he adds. 

Overall, simulation systems don’t 
cost as much as they used to, and Web- 
based technologies are getting easier 
to deploy and don’t require an expen- 
sive, high-powered Unix workstation 
to run them, says Lundy. These days, 
companies can run Web-based e-learn- 
ing simulations on a standard PC that’s 
equipped with “a little extra horse- 
power,” he says. 

That may help explain why spending 
on e-learning training is projected to 
grow by 20% to 30% this year, even 
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though spending by North American 
businesses on corporate training re- 
mains flat, according to Mike Brennan, 
an analyst at IDC in Framingham, 
Mass. Globaily, annual spending on 
e-learning amounts to between $3 bil- 
lion and $4 billion, according to Gart- 
ner estimates. 


Building the Modules 


The framework-based approach, where 
companies can use simulation tem- 
plates and simply drop in content for a 
particular discipline (such as CRM or 
sales training), has been a shot in the 
arm for training managers. “What 
we've seen mature are tools that allow 
us to reduce the time it takes to build 
something out,” says Garry Moore, di- 
rector of e-learning at AT&T Business 
in Tampa, Fla. 

Duncan Lennox, chief technology 
officer and co-founder of Waltham, 
Mass.-based e-learning software com- 
pany WBT Systems North America 
LLC, says framework vendors “provide 
the plumbing, and the content is the 
water that flows through our pipes.” 

Over the past two years, AT&T has 
focused e-learning simulations in three 
core areas: software training (both off- 
the-shelf and proprietary applica- 
tions), sales training and performance 
management. AT&T is using a tem- 
plate approach that gives it a simula- 
tion framework. “We pour the content 
into it,” says Moore. 

It helps that e-learning simulations 
themselves have gotten better. Simula- 
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tions “used to be very video-game-like, 
and now they closely imitate the real 
world, some more than others,” says 
IDC’s Brennan. 

Before it began developing its own 
e-learning simulations two years ago 
using a variety of framework products, 
AT&T relied on Macromedia Inc.’s 
Flash animation software. Now, says 
Moore, “there are a number of prod- 
ucts on the market with [graphical 
user] interfaces that allow you to 
create simulations.” 

Most large, geographically dispersed 
organizations tend to favor a blended 
learning approach, where employees 
can receive training in a variety of 
formats, including classroom training, 
CD/ROM-based training they can do 
in their off-hours, and other high- and 
low-bandwidth approaches. 

Even though providing bandwidth is 
part of AT&T’s business, some of its 
employees still have low-bandwidth 
connections. For them, AT&T offers 
several e-learning options that include 
a TV-news-style “talking heads” moti- 
vational piece where low-bandwidth 
users can see still photos and text in- 
stead of video, says Moore. 


Getting Smarter 


Next-generation systems will include 
advanced simulation engines, analo- 
gous to decision trees, “that allow the 
users to flow through a simulation 
without [the IT department] having to 
hard-code everything,” says Gartner’s 
Lundy. 

So if a student is running a sales sim- 
ulation and answers a question wrong, 
he says, “the system is smart enough to 
to take you back to a section of the 
course and do a review of that content, 
and you're not even aware that the sys- 
tem is doing that for you.” 

While many companies are bullish 
about the knowledge transfer that 
e-learning simulations have provided 
to their employees, most organizations 
are intent on sticking with a so-called 
blended learning environment that 
encompasses e-learning, classroom 
training and other educational formats. 

Says Time Warner’s Sullivan, 
“There’s a learning curve that people 
go through as e-learners. Some people 
prefer having a person to interact with. 
That’s why we haven’t done away with 
instructor-led training, because that’s 
still the most effective way to train.” D 


MORE RESOURCES 


For a list of vendors that offer e-learning simulation 
software tools and related services, visit our Web site: 
©) QuickLink 39901 





Standards 
Drive E-Learning 
Advances 


The adoption of e-learning-related stan- 
dards by the government and corpora- 
tions has played a significant role in the 
advancement of e-learning simulations. 
The standards that are being introduced 
include the Sharable Content Object 
Reference Model (SCORM), part of the 
U.S. Department of Defense's Ad- 
vanced Distributed Learning (ADL) ini- 
tiative, as well as several interoperability 
guidelines from the Aviation Industry 
CBT Committee (AICC). 

SCORM, which dictates how content 
must be packaged to allow for inter- 
operability in learning management en- 
vironments, “has become the de facto 
standard” for e-learning content and 
management runtimes, says Jack E 
Lee, president and CEO of Knowledge 
Management Solutions Inc., an e-learn- 
ing systems provider in Linthicum, Md. 

Several standards organizations are 
discussing the next generation of Web- 
based learning architectures. The ADL 
Technical Team is working with IMS 
Global Learning Consortium Inc. and the 
Institute of Electrical and Electronics En- 
gineers Inc. to explore ways to expand 
upon SCORM in areas such as learner 
information profiles, assessments, data 
models and application programming 
interfaces such as SOAP. 

The AICC works on guidelines for the 
aviation industry in the development, 
delivery and evaluation of computer- 
based training (CBT) and related train- 
ing technologies. This includes guide- 
lines to enable interoperability between 
CBT systems that can be used by com- 
panies outside of the aviation sector. 

Another standard, the Defense De- 
partment’s High Level Architecture for 
Simulation (HLA), is aimed at achieving 
a common technical architecture for use 
across all classes of simulations within 
the department. It provides the structur- 
al basis for simulation interoperability. 
HLA is also being adopted by compa- 
nies in the private sector, says Lee. 

USDA project director Hans Heiden- 
reich is running a simulation project to 
provide PeopleSoft human resources 
management systems training to some 
60,000 workers. Heidenreich hasn't fo- 
cused on standards, but he says they'll 
be important down the road. 

- Thomas Hoffman 
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Putting the 
Pieces logether 


IBM’s software strategy chief looks for a way to integrate 
five product groups and provide a common architecture for users. 


As vice president of 
strategy for IBM’s $13 
billion software group, 
Jeanette Horan says her 
prime mission is unify- 
ing the company’s soft- 
ware product groups un- 
der a single architecture. 
Horan had served as 
vice president for devel- 
opment at IBM’s Lotus 
Software Group, but at the beginning of 
this year, she took on the broader respon- 
sibility of working on initiatives that 
span the entire software group’s five 
brands — Lotus, WebSphere, DB2, Tivoli 
and Rational, a development tools com- 
pany IBM acquired in the past year. 
Horan recently spoke with Computer- 
world’s Carol Sliwa about her ongoing 
efforts. Excerpts follow: 


What have been your areas of focus since 
taking the new job? More of our cus- 
tomers are looking to be able to buy 
the complete stack of IBM middleware. 
And they have these strange expecta- 
tions that these things will actually 
work together. So from a technology 
strategy point of view — which is real- 
ly one of the key focus areas that we 
have for the group — we’re looking at 
the underlying technologies that run 
across all of the different brand groups 
and how we can move things forward 
such that we really can have this very 
integrated, interoperable stack. 

If you look at the products we have 
in play, some of them were main- 
frame/legacy products that are still be- 
ing used in many, many enterprise ap- 
plications today. Our real focus over 
the last couple of years has been mov- 
ing toward this open-standards-based 
platform based on the J2EE operation 
environment. What we recognized is 
that when you move toward that kind 
of a platform, we will have a lot of op- 





portunity to reuse components. A core 


| element of the whole J2EE program- 


ming model and Web services is to be 
able to take specific features or func- 


| tions and express them in ways that 


they can be reused in the context of 
multiple applications. 


| Can you cite examples? There were re- 
| cent Lotus-brand product announce- 


ments in the money management sys- 
tem and the Lotus Web-based messag- 
ing product. They are applications 
built on the programming model and 
on the infrastructure stack that we are 
delivering to other customers. If you 
look under the covers of one of those 
products, you will find a WebSphere 
engine embedded in the product that 


| actually is the application server run- 


ning those particular applications. 
The challenge for us is, How do we 


p(y 
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Background: Prior to 
joining Lotus, Horan 
spent four years at Dig- 
ital Equipment Corp., 
where she was vice 
president of develop- 
ment for the AltaVista 
business. She has also 
served as an e: i 
manager for the Open 
Software Foundation. 





develop and deliver technologies like 
the WebSphere engine itself in a way 
that it can be easily consumed by these 
other applications so that we don’t 
have to reimplement the same func- 
tionality by decomposing the products 


| into these componentized models? 


Then the other groups, the other 
brands, can pick up the pieces that they 
need and be able to build their own ap- 
plications much more quickly. If you 
look at something like the Lotus Web- 
based messaging product, that went 
from drawing board to release in less 
than a year, which, for an enterprise- 
scale product, is pretty impressive. 


IBM has had a hodgepodge of technologies 
in its software products. That certainly is 
where we’ve come from, and that’s ac- 
tually where just about every customer 
is today. If you look at the investments 
customers have made in enterprise ap- 
plications over the last 10 years, they 
have applications that are built on dif- 
ferent stacks and different infrastruc- 
ture layers. So the core part of our 
strategy is to rebase all of our own ap- 
plications and our own products onto 
that common infrastructure layer. 


And the common infrastructure layer is Java? 
Absolutely. It’s a J2EE-based model. 


Are you doing 100% of the product develop- 
ment in Java? Not 100%. Some of our 
products are still written in C, C++, 
and we'll make decisions that are ap- 
propriate for the particular product or 
technology. Where we're rehosting 
something on WebSphere, it’s going to 
stay where it was, [with] whatever 
language it was in. Where we’re start- 
ing from a blank sheet of paper, we 
decide what’s the appropriate technol- 
ogy. With something like the Lotus 
Web-based messaging product, we 
chose Java. 
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What technologies are you using to connect 
components? In some cases, we are ex- 
pressing everything as Web services so 
they can be called using SOAP calls, 
WSDL [Web Services Description Lan- 
guage] calls, if an application develop- 
er chooses to do that. But in many cas- 
es, when we were using [Enterprise 
JavaBeans] or we were building out to 
the component layer in WebSphere it- 
self — depending upon what the appli- 
cation specifically needs, which ser- 
vices it needs, what’s the most efficient 
way, what’s the highest-performance 
way — we really are looking through 
each application at whatever is the 
right technology for them to use. 


Are you wrappering or completely rearchi- 
tecting products? There are many appli- 
cations or infrastructure middleware 
that will remain essentially as they are 
but will then have the wrappers and in- 
terfaces. With things like MQ or CICS, 
we're not going to rip those apart. 
They’re stable application environ- 
ments, and we want to be able to allow 
them to participate in the new model. 

But where it makes sense for some 
of our other technologies, it really is a 
rearchitecture. And you see in many 
cases where that’s happening in the 
Lotus brand, in the Tivoli brand, [and] 
with a number of the acquisitions that 
we’ve done. 


What will be the ultimate benefit for cus- 
tomers? In the enterprise, look at the 
investments that they’ve made over the 
last 10 years with their enterprise ap- 
plications. They tell us that they’re get- 
ting some benefit out of that, whether 
it’s an SAP or a PeopleSoft or a Siebel 
implementation. But what they are not 
seeing is the real ability to drive a busi- 
ness process across all of those enter- 
prise applications. That’s what they’re 


| looking for. 


The other thing that I see is this no- 
tion of extended value chain and how 
do you relate to your suppliers or your 
channel. Our customers are saying, 
“OK, I’ve done the simple things. I’ve 
put up a portal so that my dealers can 
communicate with me. But what I real- 
ly want to do is take it to the next level. 
I want a new level of integration and 
automation with all of their systems, 
because a lot of times, they can’t dic- 
tate what’s going on in their suppliers 
and dealers.” D 


LOOKING AHEAD 


For more of Jeanette Horan’s comments on IBM's 
software strategy, visit our Web site: 


QuickLink 40281 
www.computerworld.com 
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N JUST FOUR MONTHS, students 
at Carnegie Mellon University 
(CMU) have built an “interactive 
physical and digital workspace,” a | 
prototype meeting reom that 
could herald the future of interactive 
collaboration by design teams. 
At first glance, the Pittsburgh-based 
university’s “Barn” could be any meet- 
ing room, with tables and chairs and a 


whiteboard. But take a closer look and 
ccusnlliieed you'll see cameras, projectors, 


FUTURE 
WATCHQ 
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| 
| 
| 
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| 
| 
| 
| 
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microphones, speakers and 
electronic pens mounted on 
the walls and ceiling. 

You'll see project team 
members log into the Barn by 
presenting wearable radio-frequency 
identification tags to an electronic 


| control panel. They wear sensors that 


identify them and track their locations 
as meetings unfold. At their first meet- 
ing, one of them will enter some group 
identification data, establishing a per- 

sistent virtual workspace for the life of 


Peter 


Ra Se RUC MLO EEC eel meu cee Uae cue Conte ae 
ware read head-mounted “badges” See ee dees 


SMART 
ROOM 


iT-assisted workspace 
boost design productivity. 


scan | 


By Gary H. Anthes | 


| Surface” 





the project. Fed by information from 
numerous devices, the Barn begins 
recording the meeting in its audio, 
video and data logs. 

A student approaches the “Thinking 
— an intelligent interactive 
display built into a digital whiteboard 
— and sketches out an idea, which is 
then recorded in the meeting log along 
with her comments to the group. In re- 
sponse, someone at a table uses an 
electronic pen to circle a drawing on 


| his PC, causing it to be projected onto 


the Thinking Surface, where it’s also 
recorded. 

“Social geometry” software knows 
the locations of attendees and adjusts 
lights and microphones accordingly. 

When a decision is made or an im- 
portant concept comes up, someone 
hits the TWI — “that was important” 
— button on his computer, adding a 
flag at the appropriate place in the 
meeting logs. A member of the group 
who was unable to attend can, via the 
Barn Web portal, later fast-forward 
through the meeting remotely, pausing 
at TWI markers. Or he can “attend” 
the meeting — or any past meeting — 
in its entirety, listening to and reading 
the meeting logs and studying images 
saved from the Thinking Surface. 

The Barn and its Thinking Surface 
have been constructed to facilitate 
meetings whose goal is to produce 


some kind of design, whether software, 


hardware or a consumer product, says 
Asim Smailagic, a faculty adviser for 
the project. “It’s for brainstorming, 
idea generation, knowledge generation 
and knowledge transfer,” he says. 


The Barn is noteworthy for the sheer 


number of features researchers 
thought to add to it, says Ted Selker, a 
professor at the Media Lab at MIT. “It’s 
a typical CMU project. They are won- 
derful at doing the kitchen sink of x.” 
Selker praises the Barn’s capability 
to record all aspects of a meeting. “We 
all feel disturbed about the ephemeral- 
ness of conversations. If you have a 
meeting that you don’t talk about again 
for two weeks, you have basically for- 
gotten it. It didn’t exist.” 
Dan Siewiorek, director of 
the Human-Computer In- 
teraction Institute at 
Carnegie Mellon, says 
large project teams with 
semi-independent sub- 
groups face a coordina- 
tion problem — how to ensure 
that the groups don’t make conflicting 
decisions that that must be undone lat- 
er, sometimes at great cost. 
Siewiorek says future Barn research 
will tackle that problem by letting a li- 
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Traditional meeting rooms 
have several drawbacks, 
including these: 


| aison in each subgroup audit the meet- 


ings of other groups from afar. But the 
liaison won't have to listen to the en- 
tire meeting, because the Barn will rec- 


| ognize keywords that the person might 
| be interested in and alert him when a 


topic of interest arises. 

“The Barn software could be check- 
ing conversations and ideas and things 
appearing on the whiteboards, and if 


| something comes up that relates to an- 


| tion goes 


other group, the focus of the remote 
person could be drawn to the current 
conversation,” Siewiorek explains. 
Work on IT support for collabora- 
s back decades, and the land- 


| scape is littered with cool ideas that 


| chairs. “ 


| 
| 
| 


never went anywhere, says Daniel Bo- 
brow, a research fellow at Palo Alto Re- 
search Center Inc. He says IT re- 
searchers often put technology ahead 
of human factors. “They have a solu- 
tion they think will help, then they go 
looking for a problem,” he says. “They 
put in all the technology bells and 
whistles they can think of, but when 
they get done, it doesn’t fit the prac- 
tices of the people.” 

But Siewiorek says CMU researchers 


| consider human issues first, then tech- 


nology, and nontechnical project advis- 
ers at the school help with this. For ex- 
ample, one of them suggested that 
Barn meeting attendees be given bar 
stools to sit on rather than ordinary 
Then they are more likely to 
get up and walk over to the Thinking 
Surface and draw, rather than sit and 

| type at their computers,” he says. D 


THINK HUMAN FACTORS 


Why does technology for collaboration often fail? 
To find out, visit our Web site 


QuickLink 40034 
www.computerworld.com 
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Data Center IDS 
Project a Nonstarter 


Policies, product limitations trip up 
plans for intrusion-detection system 
monitoring. By Vince Tuesday 


Y COMPANY has good 
security, but at times it’s 
too good. Occasionally 
users complain that the level 
of security is too high. When 
that happens, we try to work 
with them to find a way that 
they can still get their jobs 
done. But despite our best ef- 
forts, we can’t always find a 
solution. When that happens, 
either we in the IT security 
group have to bite the 
bullet and accept the 
risk, or the users 
must accept the fact 
that they can’t do 
what they wanted. 
Recently, however, 
we were on the re- 
ceiving end, when a security 
project was derailed by prod- 
uct limitations and the poli- 
cies of our networking team. 
The problem came up as we 
began outfitting and configur- 
ing a new data center. It’s al- 
ways a pleasure to work on a 
“greenfield” IT project be- 
cause you can avoid compro- 
mises made by others in the 
past. It seemed the perfect 
time to update and deploy im- 
provements to our monitoring 
infrastructure. 
We currently run host- 
based intrusion detection 
on all desktops and critical 
servers, and we run network- 
based intrusion detection at 
our perimeter entry and exit 
points. Although Gartner Inc. 
analysts recently predicted the 
imminent demise of intrusion- 
detection systems (IDS), they 
have worked very well for us, 
and we're sticking with them 
in our new data center. We do 
see a threat from the increase 
in encrypted network traffic 
that’s blinding our IDSs. De- 
spite this, our experiences tell 
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us that a network IDS will con- 
tinue to be valuable. 

We know that our IDSs 
would work even better if we 
included them on internal net- 
| work segments. That would 
| provide protection against in- 
| sider threats, in addition to 
| what we get from our host- 
| based IDS. 

Until now, we’ve limited our 

IDSs to the perimeter net- 
works because the 
devices could only 
handle those low- 
bandwidth segments 
and because we 
have a relatively 
small number of 
external points. But 
| our newer IDS products sup- 
| port gigabit speeds. Coping 
| with high traffic volumes isn’t 
| an issue, although we do have 
| to conquer the complexity of 
| getting the data to our sensors. 


Switch Disconnect 
Many years ago, we helped 
| push the deployment of a 
| switched Ethernet LAN. With 
| properly configured switches, 
data goes only to those sys- 
| tems involved in the conversa- 
tion. Traditional managed 
hubs, in contrast, send a copy 
| of the data to every system in 


We'd love to... 
use the span ports 
to collect data, but 
our network moni- 
toring systems are 

already using them. 








a LAN segment and only the 


| intended recipient reads it. 


Switches are great for per- 
formance and for protecting 
data in transit, but we need 
centralized access to all the 
data in transit so we can mon- 
itor it. In the old days, we 


| could configure an IDS serv- 


er’s network adapter to run in 


| promiscuous mode and search 


the traffic for bad behavior. 
This doesn’t work when con- 
necting to a switch. 

Network managers need 
to see traffic in order to trou- 


| bleshoot problems on the net- 


work, so network equipment 
vendors typically include a 


| switch port analyzer, or “span” 


port, that can take a copy of 
all the data and send it out 
over a single connection. We'd 
love to configure our IDSs to 
use the span ports to collect 
data, but our network moni- 
toring systems are already 
using them. 

To get around this, some 
vendors sell taps, which read 
the network data without al- 
tering the flow. In theory, we 


| could tap the span port data 


as it heads to the network 
troubleshooting system and 
send a copy to our IDS. The 
problem is that every tap we 
can find isn’t designed for a 
data center. 

Most devices have one of 


| those tiny 9-volt power con- 


verters that you used to see 
on calculators. I worry that 
whenever the wire wobbles, 
the power on the tap will go 
on and off and introduce er- 
rors on the tapped line. You 
can imagine how happy our 
network team would be if we 
introduced errors on the sys- 
tems they use to try and find 
the real errors. This approach 
was a nonstarter. 

Cisco Systems Inc. sells an 
IDS card that fits into a slot in 
its switches to monitor the 
switch traffic. This would 





solve the problem, but the cost 
of equipping all of our switch- 
es with these devices is pro- 
hibitive. Also, we don’t like 
Cisco’s management tools for 
its IDSs and prefer those from 
our current vendor. 

There are vendors that sell 
specialized systems to copy 
flows to multiple ports and 
even tune which data gets sent 
so you don’t overload the IDS 
with encrypted data it can’t 
analyze. However, our net- 
work team has a simple rule: If 
it doesn’t have a Cisco badge, 
it doesn’t go on the network. 

The latest Cisco products 
let you have more than one 
span port on a switch, but 
we've had a few performance 
problems, and the code is rela- 
tively untested in our environ- 
ment. We don’t want to put 
potentially unstable code into 
a new data center. Perhaps it’s 
the perfect long-term solution, 
but we'd like to get the ex- 
panded monitoring in during 
the deployment rather than 
add it later. 

The last idea my team and I 
had was to plug the span port 
into a managed hub and then 
use that to copy the data and 
send it to the troubleshooting 
box and our IDS. We would 
have an extra item taking up 
space in the cabinet, but it 
would be stable and fairly 
cheap, since hubs are old tech- 
nology. It would even pass the 
Cisco badge test, we thought. 

But there was one problem: 
Cisco doesn’t sell managed 
hubs anymore. We’ve got a fair 
number of spares around that 
we could use, but these were 
taken out of service and are 


| destined for the trash. And 


putting worn and scuffed 
equipment into the new data 
center doesn’t seem like a 
good idea. So it’s back to the 
drawing board. Meanwhile, if 
any readers have better ideas, 
I'd like to hear them. D 


WHAT DO YOU THINK? 


This week's journal is written by a real 
security manager, “Vince Tuesday,” whose 
name and employer have been disguised 
for obvious reasons. Contact him at vince 
tuesday@hushmail.com, or join the dis- 
forum: QuickLink a1590 


To find a complete archive of our 
Security Manager's Journals, go online to 


@ computerworld.com/secjournal 
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dors, and it’s a quality refer- 
ence for all networks. 
- Vince Tuesday 


Mailblocks Offers 
Antispam Service 
Los Altos, Calif.-based start- 
up Mailblocks Inc. has an- 
nounced Challenge/Response 
2.0. The service collects valid 
responses from legitimate 
e-mail senders in a master list, 
according to Phil Goldman, 
Mailblocks’ CEO. Senders who 
complete a successful chal- 
lenge/response exchange for a 
single Mailblocks user won't 
be challenged again, provided 
that they don’t start sending 
spam. The service is $9.95 
annually per user. 


ArcSight Adds XML 


Sunnyvale, Calif.-based soft- 
ware vendor ArcSight Inc. has 
announced support for the 
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Voyence Offers Net 


Configuration Tool 


Voyence Inc. in Richardson, 
Texas, this week plans to an- 
nounce its integrated Extensible 
Device Configuration Manage- 
ment Engine, which is designed 
to help manage the configuration 
of network devices from more 
than 20 vendors. The appliance 
runs on Linux and will be free to 
existing Voyence customers. The 
base price is $50,000 for new 
customers. 


Compuware 
Updates Java Tools 


Detroit-based Compuware Corp. 
last month announced Version 
3.0 of its OptimalJ development 
environment for enterprise Java 
applications. New features in- 
clude plug-ins for IBM’s Web- 
Sphere Studio Application Devel- 
oper and Sun Microsystems Inc.’s 
Sun ONE Studio. With the new re- 
lease, Compuware has added a 
Developer Edition of OptimalJ 
that includes code-visualization 
capabilities and an application 
structure analysis tool. Pricing 
starts at $800 for the Developer 
Edition, $5,000 for the Profes- 
sional Edition and $10,000 for 
the Architecture Edition. 


Unisys, EMC Offer 
Recovery Services 


Unisys Corp. in Blue Bell, Pa., has | 


partnered with EMC Corp. in Hop- 
kinton, Mass., to provide Unisys 
ES7000 and ClearPath main- 
frame customers with disaster 
recovery services based on EMC 
software. Unisys said it has also 
become a member of EMC’s Au- 
thorized Services Network. 


Software Helps 
With Compliance 


Colorado Springs-based Optika 
Inc. last week introduced its 
Acorde Compliance Suite, which 
is designed to help companies 
comply with legislation such as 
the Sarbanes-Oxley Act. 
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HE WORDS synergy and consolidation are 


Public announcements promise huge cost 

savings. Magazine articles celebrate suc- 

cess. There is, however, no evidence that 
the promises are actually kept. I don’t know of a single 
verifiable case where IT-related preconsolidation indi- 
cators were compared with postconsolidation results. 


For the past 20 years, I 
have been tracking the IT 
costs of corporate informa- 
tion management. For in- 
stance, in a Computerworld 
column in May 2001 
(QuickLink 19925], I ex- 
pressed doubts about the 
effectiveness of J.P. Mor- 
gan’s outsourcing deal with 
four IT vendors. My obser- 
vation couldn’t be tracked 
further because at the end 
of 2000, J.P. Morgan 
merged with the giant 
Chase Manhattan bank, 
and its reporting as a separate firm 
ceased. It just so happens that the 
combined bank (J.P. Morgan Chase) 
restated its historical financial reports 
to reflect the combined results. Ex- 
penses for “technology and communi- 


cations” increased from $2.17 billion in | 


1998 to $2.55 billion in 2002. 

The following is a comparison of 
consolidated premerger (1998-2000) 
results with postmerger (2001-2002) 


Performance 
Indicators 


Net revenue 

IT 

Net income 
[T/compensation expense 
IT/net revenue 

[T/profit 

IT/equity 


data. The analysis is based 
exclusively on the bank’s 
reports to shareholders 
and to the Securities and 
Exchange Commission. It 
offers a rare glimpse into 
how the results from IT 


ated (see chart below). 
At the time of the merg- 
er, the bank’s top manage- 


merger will create pretax 
synergies of $3 billion, 

$2 billion of cost savings 
and $i billion of incremen- 


| tal net revenue.” Most of the synergies 


would materialize within two years, 


| company Officials said. A significant 

| share of the savings would come from 
| aconsolidation and integration of in- 
| formation systems. 


The table below shows that after the 
merger, the combined banks had lower 


| revenues and much lower profits. 
| However, it’s the deterioration in IT- 
related ratios that concerns me. The 


percentage of change 


reveal if consolidation 
delivered synergies. 
To demonstrate 

gains, at least one of 
the IT-related ratios 
would have to show 
improvement. IT/com- 
pensation should de- 
cline with rising effi- 
ciencies, but it increas- 
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| es 6%. IT/revenue should decline, but 
E 4 P a oes | it increases 26%. IT/profit and 
always linked with mergers or acquisitions. | )7/.)archolder equity should decline, 
| but they increase 294% and 3%, re- 

| spectively. Every indicator has turned 


in the wrong direction. Though deteri- 


| orating postmerger business condi- 


tions could be used as an excuse for 
the declines in revenues and profits, 


| the unfavorable rise in the IT ratios 
| suggests that the expected synergies 


didn’t show up. 
Claims of IT savings from consoli- 


dations will remain doubtful unless 

| there is a well-defined path showing 

| how the gains would be delivered. It’s 
| my understanding that J.P. Morgan 

| Chase didn’t anticipate the enormous 
| obstacles to achieving systems inte- 
consolidation can be evalu- | 


gration. How much of this was be- 


| cause of “governance” (that is, organi- 
| zational politics) and how much came 
| from the technical inability to merge 

ment said, “We believe this | 


the islands of automation will remain 


| a well-hidden story. 


The current economic climate fa- 
vors mergers and acquisitions. In each 
case, synergy is cited as a primary in- 


| centive to proceed. This is particularly 


true when damaged communications 


| firms or hard-pressed financial ser- 

| vices firms combine and centralize IT 
| management. The federal government 
| has also started consolidating informa- 


tion-handling for greater efficiency 
and to minimize the risk of technologi- 
cal failures. In each case, savings are 


| expected to come from lower IT costs. 


The disappointments from the am- 


| ply funded and technologically sophis- 
in the indicators should | 


ticated J.P. Morgan Chase IT consoli- 
dation should serve as a warning. The 
road to synergy is studded with mines. 


| Top executives shouldn’t promise IT 


improvements unless they have taken 


| the trouble to understand what it will 


take to get the job done. D 


For more columns and links to our archives, go to 
www.computerworld.com/opinions 





Got a mobile or wireless 
solution so good it’s 
worthy of an award? 


Nominate it for Computerworld’s (cg) 
“Best Practices in Mobile Mobile & pjsreee 


& Wireless Awards Program!” Wireigss PRACTICES 
Computerworld is seeking IT user-organization case ——_ on MOBI ae 
study submissions for consideration and recognition. COMPUTERWORLD AS) WI eas LES S 


0) AWARDS PROGRAM 


This program will evaluate, select and recognize ten Mobile and/or Wireless 
Technology “Best Practices” based on case studies highlighting successful or 
noteworthy solution implementation projects and deployments in the 
following categories: 

e Systems Implementation 

e Systems Reliability 

e Information Security 

e Financial Payback 

e Innovation and Promise 


Nominations are welcomed from IT Users/Implementers; Systems Integrators/Consultants; IT vendors on behalf of 
customers, or, their own In-House Deployment; and PR firms on behalf of clients. Multiple submissions of case 
studies describing different deployments per company/organization will be considered. 


Winners will be featured in a special Computerworld supplement profiling the company and submitted case study. 


Submit your nomination! 


Complete the nomination form at: computerworld.com/bestinmobilewireless 
But hurry! The deadline is Monday, August 18th at 9:00pm Eastern time. 


PRODUCED BY. AWARDS PROGRAM SPONSORED BY: 
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Readiness Relies on Talent | ‘Team Schein’ Saves the Day | Nurture the New 

The Navy is giving its personnel Henry Schein Inc.’s CIO, Jim Project Manager 

control over career options and Harding, recruited an in-house . New IT project managers need 
training in an effort to retain talent | data warehouse team after a patient, supportive supervision 

and improve its readiness, says | consulting firm went bankrupt six while they adjust to their new roles, 
Rear Adm. John Cryer. Page 36 months into the project. Page 38 ‘ says columnist Paul Glen. Page 40 





The sluggish economy, IT talent shortages, the complexi- 
ty of ERP and executive skepticism about the value of in- 
house IT are ail contributing to the interest in ERP out- 
sourcing. “Increasingly, business executives ask, ‘Is there 
an intrinsic value to the ownership of technology? Or can an 
equivalent value be obtained via a packaged or outsourced 
approach?’ ” says Jeff Kaplan, managing director of 
ThinkStrategies, a consultancy in Wellesley, Mass. 

On the other hand, ClOs at large companies often say ERP 
is at the core of the business and is too mission-critical to 
farm out. They variously describe it as the backbone, central 
nervous system or brains of the company. 

Should you outsource ERP? The decision varies by company, 
of course. Here’s a look at the debate and factors to consider. 


ATR RTH BY BARBARA DEPOMPA 
ERP systems aren’t much fun to 
WATCH buy, install, deploy or maintain. In 
fact, some of the biggest horror sto- 
ries in corporate IT have involved ERP systems. And since 
they’re widely used in large corporations, they hardly pro- 
vide much competitive advantage anymore. 
Meanwhile, some midsize companies are just starting to 
consider investing in (or upgrading) ERP systems, and & 


they’re wondering whether they want to go through the has- 

sle by themselves. The benefits and trade-offs of outsourcing : ERP application and deliver it as a service via a secure net- 

ERP were hot topics at Gartner Inc.’s recent Midsize Enter- work link. The fee can range from $300 to more than 

prise Summit, says Gartner analyst Robert Anderson. $1,000 per user, depending on the vendor, configuration and 
Typically, an outsourcer charges a monthly fee to host an : level of services, Anderson says. 


SOO eee reese eeeeeeseseeeeeeseesseeees 


THE BIGGEST ADVANTAGE OF OUTSOURCING ERP is that doing so : za 3 : THE BIGGEST TO OUTSOURCING ERP are the risks 
gives you the ability to focus on the company’s core : ¢ involved in not controlling daily ERP operations in- 
mission rather than fiddling with ERP software. ; ; house — risks that include devastating downtime 

In mid-2001, Mission Linen Supply Inc. in Santa % and the loss of valuable operational data 
Barbara, Calif., faced a major technology overhaul na a Informatica Corp. in Redwood City, Calif., consid- 
because its aging mainframe couldn’t provide the Pret ‘ ered such risks to be too great. 
flexible reporting the business increasingly needed. pias" Informatica currently uses PeopleSoft Inc.’s ERP 

A privately held company that provides linen and , software. Three years ago, the company outsourced 
uniform services, Mission Linen had grown into an Se the human resources portion of the suite, because “if 
operation with more 3,000 employees in 50 locations. peel HR goes down, the business will still continue to 
But the business hadn't kept pace technologically. Af- om run,” says Tony Young, senior director of IT applica- 
ter examining the options — including the purchase ye tions. But Informatica draws the line there. 
of a new server system and ERP software — it be- j 3 "| Two things keep Informatica from moving more of 
came clear that the training, additional personnel Basi ctr its ERP applications to an ASP. First, because Infor- 
and capital expenditures required for new ERP soft- eee ees sue matica is in the data analytics business, Young says it 
ware were unattractive. “With the amount of work s Bs: already has a “world-class data center.” Second, some 
involved in hiring and bringing our data center up to S eee senior executives perceive outsourcing as simply too 
speed, it seemed much riskier to buy an ERP solution ; : 3 risky. “We have no plans to outsource any other ERP- 

See Yes! page 34 : ; ee See No! page 34 
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With the amount of work 

involved in hiring and bringing 
our data center up to speed, it seemed 
much riskier to buy an ERP solution 


than outsourcing the entire project. 


ROBERT SZERWO, CHIEF FINANCIAL OFFICER, 
MISSION LINEN SUPPLY INC 


Continued from page 33 
than outsourcing the entire project,” says Robert 
Szerwo, chief financial officer at Mission Linen. 

A thorough investigation of outsourcing alterna- 
tives led the company to choose SAP AG software 
hosted by BlueStar Solutions Inc., an application ser- 
vice provider (ASP) in Cupertino, Calif. The selec- 
tion process even included meeting BlueStar’s in- 
vestors and CEO Tom Kelly to make sure that the 
company would be in the ERP outsourcing business 
for the long term, Szerwo says. 

The upside of the arrangement is that Mission 
Linen doesn’t have to worry about managing its ERP 
software, Szerwo says. The downside is that — as 
with all outsourcing deals — any “gray areas” in the 





contract can cause headaches, says Tony Mancuso, 

SAP project manager at Mission Linen. | 
For example, when company growth exceeded ex- | 

pectations, Mission Linen was forced to upgrade to a 


| 
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new server — something that wasn’t contemplated in 
the original contract, so it cost more, Mancuso says. 
He advises other businesses to estimate growth po- 


| tential over the life of the contract to avoid any addi- 


tional costs. 
For some companies, especially midsize ones, it 
often seems impossible to compete with the big 


| companies for the IT talent needed to install an ERP 


system and keep it humming. San Jose-based Lumi- 
leds Lighting, a joint venture of Agilent Technolo- 
gies Inc. and Philips Lighting, was launched in late 
1999 without a budget for an IT staff, though it got 
one later. “That’s how we came to consider out- 
sourcing. We had chosen J.D. Edwards for our ERP 
software platform, but weren’t sure how to source 
and run it,” says Neil Bostock, CFO at Lumileds. 
Because Lumileds didn’t have the money, or the 
desire, to gain expertise in running a data center, 
Bostock turned to BlueStar to handle all of Lumileds’ 
ERP operations. “ERP is clearly mission-critical. If 


| those applications went down, we would be dead. 


But we also know we surely couldn’t do better on our 
own,” he says. 

Bostock says BlueStar has a far greater ability to 
manage daily ERP operations and a greater depth 
of resources to handle situations as they arise than 
Lumileds would if it ran an in-house system. In June, 


| Lumileds signed on for another three years with the 


outsourcer. Bostock says he’s not sure his company 
could run ERP in-house for less money than what it 


| has paid BlueStar so far. 


For both customers, the only real concern about 
their choice of outsourcing supplier was a general 
fear about BlueStar’s longevity, given the past two 
years of economic and IT market troubles. But both 
say their concerns have subsided and they’re pleased 
with the services received. 
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| tractor could possibly do what needs to be done to 


RIS \ 
We would never consider 
[outsourcing ERP], because we 
have alwaysbeentaughtyounever 
hand off the brains of your operation, | 


though you may want to farm out 


for extra arms and legs. 
MIKE GAYNOR, ClO, FEDERAL-MOGUL CORP 


22 


Continued from page 33 
related applications at this time,” says Young. 
Mike Gaynor, the CIO at Federal-Mogul Corp. in 
Southfield, Mich., is also in that camp. An automo- 
tive parts company, Federal-Mogul is facing a mon- 
strous ERP integration challenge: It has grown quick- 
ly via acquisitions and needs to consolidate at least | 
some of its 27 ERP implementations. 
Gaynor says there’s no way an outsourcing con- 


consolidate, manage and maintain those critical ap- 


| plications. It comes down to trust and control. 


“We feel no outsider could gain enough of our 
trust to know what it takes to run our business and 
understand why things need to be done a certain 


| way. We must control the business operations, the 

| business-process development, project management 
| and change management. We can’t hand that off,” he 
| explains. 


So far, Federal-Mogul has managed to integrate 


| three SAP ERP systems into one, and it plans to con- 


solidate nine SAP ERP systems in Europe into one in 
about a year. “We would never consider [outsourcing 
ERP applications], because we have always been 
taught you never hand off the brains of your opera- 
tion, though you may want to farm out for extra arms 
and legs,” says Gaynor. 

One thing Gaynor would consider offloading to an 


| outside service provider is programming in SAP’s 

| programming language. “You can keep the brains in- 
| house and work with a partner to streamline proc- 

| esses, or come up with a more efficient means of sys- 
| tem support,” he says. D 


| DePompa is an independent writer and editor 


in Germantown, Md. She can be reached at 
bdepompa@comcast.net. 
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HOW T0 GO ABOUT I 


The only way to judge whether it’s a good idea to out- 
source any of a company's ERP workload is to closely ex- 
amine current in-house ERP capabilities to see if they're 
really critical to the way the organization conducts busi- 
ness. It's also a good idea to consider the following when 
evaluating the outsourcing option: 


a 


Figure out your business objectives first, “before out- 
sourcing vendors are invited for briefings. Don't make 
vendor selection or negotiation your first step,” warns 
Dean Davison, an analyst at Meta Group Inc. “Most impor- 
tantly, expectations need to be realistic and set ahead of 
time. Incorrect expectations are the primary reason why 
outsourcing arrangements are perceived as failures.” 


Ws 


Don’t expect immediate cost savings. “The myth that 
outsourcing is far less expensive than managing ERP ap- 
plications in-house is simply untrue,” says Gartner analyst 
Robert Anderson. Outsourcing may be more expensive, 
but it provides easier and more predictable budgeting. 


Make sure the vendor is strong in all of the geographi- 


cal areas of your deployment, including multisite and 
international operations, Anderson says. 


(i 


Work with a single point of contact at the outsourcing 
vendor - and make sure that person is responsible for 
the success of ERP operations. Plus, the contract should 
provide a clear escalation path to resolve problems, says 
Anderson. 


Le) 


Be sure to manage the outsourcing relationship, and 
don’t become overly dependent on the outsourcer. 
Outsourcing still requires in-house personnel who under- 
stand the applications and business processes involved, 
Anderson warns. 


0. 


Document software revisions and system changes - 
and keep the documentation in your possession. “This 
information is vital if you must switch outsourcing vendors 
or bring operations back in-house,” he notes. 


7 


Treat the contractor's on-site staff like employees. That 
means requiring them to attend staff meetings and adhere 
to company schedules. 


~- Barbara DePompa 
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IT replaced 200,000 | 
pieces of paper with 
a Web database and 
reporting tool. But 
employees missed their 
monthly paper reports. 
By Lucas Mearian 
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HEN EMPLOYEES at 
Huntington Banc- 
shares Inc. heard that 
their beloved paper 
report — called the 
balance sheet income 
report — was going to be transformed 
into a Web-based database, they 
weren't happy about it. 
Complaints came flooding in: 
m@ “My manager says I have to have 





these [paper] reports for my file every 
month.” 

= “I’m not going to be able to do my 
job anymore.” 

@ “I can’t possibly ask my people to 
learn this. I'll have to do it for them 
every month.” 

@ “You may have saved paper, but 
you have just doubled my workload.” 

@ And everyone’s favorite: “Who 
made this decision?” 

But the $28 billion regional bank hold- | 
ing company, based in Columbus, Ohio, 
had good reasons for replacing the pa-__ | 
per reports. They amounted to 200,000 | 
pages — the equivalent of 40 cartons — | 
sent to hundreds of offices every month. 
That’s 2.4 million pages per year. 

“As far as our users were concerned, | 
the sun came up every morning and 
they got their balance sheet and in- 
come statement delivered to their desk | 
every month-end,” says Raymond 
Heizer, IS project leader for corporate 
profitability systems at Huntington. 

The reports had to be mailed via an 
interoffice distribution system to 2,500 
locations for a diverse user group 
ranging from operations clerks to fi- 
nancial controllers. 

In place of that tidal wave of paper, 
the bank chose to load the financial 
data into an Oracle Corp. database run- | 
ning on a Unix server and purchased a_ | 
reporting system from Crystal Deci- 
sions Inc. in Palo Alto, Calif. The result: 
The bank is now saving $30,000 per 
year in paper costs alone, says Al Wern- 
er, vice president of corporate systems. 

Huntington is using Crystal Enter- 
prise, a Web-based system for report- 
ing, analysis and information delivery. 

It took four months and cost a little 
more than $1 million to deploy. The 
rollout was completed in October. 

One obvious benefit of the Web- 
based reports is that cost center man- 
agers can now see the balance sheet in- 
come reports immediately online. An- 
other benefit is the ease with which 
managers can see and resolve excep- 
tions — items in an account balance 
that don’t match the credits. 

“We've always had a lot of data in the 
bank, but it was always seen in rows 
and columns. Now we can have bar 
charts of mismatches,” Werner says. 

He says the most expensive piece of 
the rollout was installing the servers 
and software and developing reports 
that were easy enough to use that they 
didn’t require a lot of training for cost 
center managers. 

Currently, Werner says he’s working 
with bank offices to improve the look 
and content of the online reports by 
adding and subtracting certain lines 


| 
| 
| 
| 
| 


COMPUTERWORLD August 4, 2003 39 


AT A GLANCE 


and adding a third page of metrics. The 
report “is divided into sections, and 
each section gets a certain amount of 
report real estate,” he says. 

The data, drawn from Excel spread- 
sheets, mainframes and online analytical 
processing queries, may also someday 
include each branch’s balance sheets, 
employee turnover, new sales and cross- 
product sales, service quality and credit 
quality. “That way we can score a branch 
on how they’re doing,” Werner says. 

Going paperless has proved difficult 
for corporate America. Paper con- 
sumption by U.S. companies is growing 
6% to 8% annually, according to docu- 
ment technology user group Xplor 
International in Torrance, Calif. 

But Huntington is riding the front of 
a wave of banks trying to go paperless 
externally (with online banking state- 
ments) and internally to save money 
and comply with new regulations, says 
Avivah Litan, an analyst at Gartner Inc. 
“The trend started two years ago, but 
in the last nine months, it’s really been 
moving ahead,” Litan says. 

For example, in June, Congress 
passed the Check Clearing for the 21st 
Century Act, also known as Check 21, 
which allows banks to voluntarily ex- 
change electronic images over net- 
works instead of using paper checks. 

funtington Bancshares already offers 
online check images to members. 

As for the bank income statements, 
cost center managers have stopped 
mourning the loss of their beloved pa- 
per reports now that they see the ben- 
efits of the database and reporting 
tools, Werner says. “We give them the 
ability to... see details of what is be- 
ing charged. They can get an image of 
an invoice that hit their cost center. 
And they’re saying, ‘Wow, those are 
pretty nice features,’ ” he says. D 
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| The Navy is giving its workforce the 
' technical tools and information to plan 
_ successful careers. By Dan Verton 





U.S. NAVY effort launched 

two years ago is revolu- 

tionizing the way sailors 

plan their careers. It’s also 

ensuring that the Navy 

puts the person with the 
right skills in the right job. 

In July 2001, the Navy established 
Task Force Excel (for “Excellence 
Through Our Commitment to Educa- 
tion and Learning”) to help sailors ac- 
celerate learning and improve their 
proficiency. The program uses ad- 
vanced trainers and simulators, tai- 
lored training programs, mentoring, 
and performance measurement and 
counseling tools. 

“We think the right answer is to have 
one single business process for 
manpower, personne! and train- 
ing,” says Capt. Steve McShane, 
Sea Warrior’s program manager. 

Task Force Excel uses the “Five 
Vector Model” for personal and career 
development. The vectors represent 
the five developmental areas of a 
sailor’s career: professional develop- 
ment, leadership, management, per- 
sonal development and performance. 
By evaluating the Navy’s 370,000 jobs 
in terms of those common vectors, 
sailors can easily compare positions to 
better understand the specific require- 
ments of their career paths, says Mc- 
Shane. 

Some sailors working in IT can now 
assess their educational and competen- 
cy levels, identify skills gaps for specif- 
ic job requirements and map out career 
paths through the Sea Warrior program 
using the Career Management System 





Ns 
SN 





(CMS). This Web-enabled portal is cur- 
rently being piloted by a select group 
of sailors and Navy civilian personnel. 

“You could call it an individual de- 
velopment or career progression plan,” 
says Sandra Smith, team leader for 
workforce initiatives at the Navy CIO’s 
office. For example, sailors can study 
the skills required to be a CIO and plan 
their career paths accordingly. “Without 
a tool like this, a lot of people would not 
be able to develop as effective a career 
plan as they should,” she says. 


Setting a Course 

Petty Officer lst Class Anthony Cagle, 
a job detailer at the Navy’s IT commu- 
nity in Millington, Tenn., has been par- 
ticipating in the pilot project for 
the past two months. “It’s very 
useful in determining your next 
move and where you need to 
point your career,” he says. For 
example, the system tells workers what 


training they need to obtain the certifi- | 


cations required for their next career 
steps, based on the jobs for which 
they’re best qualified. 

“Before this system came along, all 
you had was a career counselor to help 


you — provided they were proactive in | 


their own job,” Cagle says. “This puts 
my career at my fingertips.” 

Senior Chief Petty Officer Patrick 
Courchene, another IT community 
personnel detailer using CMS, says a 
competent career counselor is critical 
to the process. “CMS gives you a visual 
representation of what you need to do, 
but I still think mentoring from career 
counselors is beneficial,” he says. 





The Navy is also using portals to 
help fill unpopular jobs, such as those 
overseas that require extended periods 
stationed away from family. 

For example, the Navy has integrated 
pay incentives with online reverse auc- 
tions to fill select jobs. First, the Navy 
sets a bonus pay cap for a particular job 
(such as $500 extra per month). The 
bids for incentive pay decrease as com- 
petition increases, so the Navy saves 
money. “It’s an optimal distribution sys- 
tem, but it’s voluntary,” says McShane. 
“Everybody’s going willingly.” 


Ahead of Corporate America 
Joyce Brocaglia, CEO of executive 
search firm Alta Associates in Flem- 
ington, NJ., says the Sea Warrior pro- 
gram puts the Navy light-years ahead 
of corporate America in terms of hu- 
man capital management. “What is 
unique about the Navy program is that 
they take a holistic approach to career 
development,” says Brocaglia. “It far 
exceeds any corporate program that 
I’ve seen in my 20 years of recruiting. 
If corporations adopted similar plans, 
their retention rates would soar.” 

In the corporate world, IT workers 
aspiring to become senior IT execu- 
tives are usually forced to rely on 
“calculated guesswork,” Brocaglia says. 
“If a developmental opportunity plan 
was available to them, they could make 
informed decisions about training, cer- 
tifications and job opportunities based 
on their career goals.” 

But with budgets tight, the Navy 
knows it can’t simply throw money and 
new technology at every workforce 
challenge. That’s where Project SAIL 
comes in. Still a work in progress, Proj- 
ect SAIL (Sailor Advocacy Through 
Interactive Leadership) is moving the 
Navy toward an interactive distribu- 
tion system that in the future may in- 
clude nonmonetary incentives such as 
guaranteed schools for high-perform- 
ing personnel or guaranteed jobs. 

Even the $6.9 billion Navy/Marine 
Corps Intranet (N/MCI) program is 
getting in on the act, says Rear Adm. 
John Cryer, commander of the Naval 
Network and Space Operations Com- 
mand. The N/MCI program now takes 
IT workers coming off of a sea-duty 
tour and assigns them to a guaranteed 
two-to-three-year shore-duty job 
working with industry and studying 
for various industry-standard IT and 
security certifications. 

“The goal is to return IT ‘top guns’ 
to the fleet,” Cryer says. 

And developing such talent within 
the ranks is critical to the Navy’s readi- 
ness, says McShane. “In the 21st centu- 
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“The goal is 
Onc ain ie 
“top guns’ 

to the fleet.” 
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All Navy personnel can conduct 
self assessments to plan or augment 
their career paths, such as finding the 
training that’s needed to meet a 
specific job requirement or finding a 
job description or title and determining 
what training is needed to reach that 
goal. The program is accessible 
PUT MUM Orem VU 
System's self-service portal. 


Navy personnel can accelerate 
CHT RUM ee em Um cele 
using customizable training programs, 
advanced trainers, simulators, 
TCA MOLI lee SMU M ea Ca uire Lies 
measurement and counseling tools. 


Siem ae clu me OMI Um a) 
Vector Model for personal and career 
development. It allows sailors to 
compare positions to learn about their 
element ecco 


An interactive distribution system 
that may eventually provide non- 
GUN MIL Uomo ts) 
guaranteed job assignments or 
schools for high performers. 


The program places IT workers 
coming off of sea duty in two-to- 
three-year shore-duty jobs. It also 
provides opportunities for training 
toward IT certifications. 


ry Navy, we are going to be relying on 
a more lethal force with greater tech- 
nological capabilities than anything 
we've seen in the last 50 years,” he 
says. “And the only way we can com- 
pete for talent in America is to make 
sure we improve our HR systems. We 
don’t necessarily need the best and the 
brightest talent, but the right talent.” D 
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OST COMPANIES store 
reams of data about 
their customers. The IT 
challenge has been how 
to integrate and massage 
that information so the 
business side can re- 
spond immediately to changes in sales 
and customer preferences. 

Henry Schein Inc. has it figured out. 
The $2.8 billion Melville, N-Y.-based 
distributor of health care products has 
designed and built a data warehouse 
with a standing in-house team of six IT 
professionals — and little or no help 
from consultants. 

But that wasn’t the original strategy. 
CIO Jim Harding says he hired 
an advisory team from dot-com 
consultancy MarchFirst, but that 
company went bankrupt in 2001, 
six months into the project. 

It was a rocky start. Harding says he 
knew that having the right skills was 
critical to the data warehouse project, 
yet at the time, Schein had zero ware- 
housing experience in its IT shop. So 
he and Grace Monahan, vice president 
of business systems, hired people for 
what they call “Team Schein.” 


Finding People for Tools 


Because Harding had chosen two key 
tools for the data warehouse — data 
extraction software from Informatica 
Corp. and front-end software from 


MANAGEMENT 


MicroStrategy Inc. — the focus was on 
finding people who had experience 
with those tools. 

Monahan hired three people from 
outside: project director Daryll Kelly, 
data modeler Christine Bates and 
front-end specialist Rena Levy, who's 
responsible for the user interface and 
data analysis, as well as user support 
and training. 

Dawen Sun, who handles extract, 
transform and load issues, and data- 
base administrator Jamil Uddin hold 
two other key positions. Another team 
member is rotated in from Schein’s ap- 
plication development group. 
| “You really need to have your own 
talent pool,” Monahan says. “Es- 
pecially once we put the kibosh 
on the consulting effort.” 

Kelly, the team leader, “came 


| 


| 





with a lot of expertise right out of | 


the gate,” Harding says. It was the kind 
of data warehousing experience that 
was lost when MarchFirst folded. 

That expertise is important because 
without it, “there’s a whole bunch of 
really terrible mistakes that are made 
by a data warehouse team that tries to 
invent it by themselves,” says Ralph 
Kimball, author of a series of data 
| warehousing books and president of 
| Ralph Kimball Associates Inc. in Boul- 
der Creek, Calif. 

The six months with the consultants 
weren't a complete waste, Harding 





team 
schein 


saves the Day 


Its consulting firm went bankrupt six months 
into the project. So Henry Schein Inc. hired 
its own team of experts to complete a 
data warehouse. By Jean Consilvio 





AT A GLANCE 


Henry Schein Inc. 
Melville, N.Y. 


A huge distributor of 90,000 
health care products in the U.S. and Eu- 
rope. It serves more than 400,000 cus- 

worldwide, including dental 
practices and laboratories, physician 
practices and veterinary clinics 


$2.8 billion 
6,900 in 16 countries 
200 worldwide 


says, because they left him with design 
and rollout plans, although they had to 
be revised significantly. 

Besides having the right skills, the 
other top priority was ensuring data 
quality. “It seems kind of obvious,” says 
Harding, “but sometimes these projects 
forget about [quality], and then the data 
warehouse ends up being worthless 
because nobody trusts it.” 

At the outset of the project, the team 
interviewed about 175 potential busi- 
ness users to determine the informa- 
tion they needed to access and the re- 
ports they wanted to see. Plus, the team 
analyzed the old paper re- 
ports and the condition of the 
data housed in the company’s 
core transaction system. 

Monahan says those steps 
brought to light the impor- 
tance of cleansing data ina 
system that’s designed for 
transactional purposes but 
not suitable for a data ware- 
house. That led to a long pe- 
riod of standardizing transac- 
tional codes in order to pro- 
duce the sales reporting that 
business analysts needed. 

Consultants can be valuable at the 
outset, but it’s the in-house people who 
have “this gold coin of knowledge of 
how their systems really work, which 
data is really good and not so good, 
and how the end users really want to 
use the data,” Kimball says. 

“Data quality is the hardest part 
of the project, because it’s very time- 
consuming and detailed, and not 
everyone appreciates it unless they’ve 
been through a couple [of projects], 
like Daryll (has],” Harding says. 

And there was yet another tedious 
obstacle. The data warehouse was de- 
signed to provide a very granular level 
of detail about customers, “so we can 
slice and dice at will,” Harding says. But 
the result was sluggish system perfor- 





“Data quality is the 
hardest part,” says 
Jim Harding, CIO at 
Henry Schein. 
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mance. So the team created summary 
tables to make the queries work faster, 
and those tables needed to be tested. It 
was a lengthy process, Harding says, 
but in the end, it worked very well. 


Never-Ending Job 

The journey has taken well over two 
years. The system went live 18 months 
ago but “really came into its own” in 
February, Harding says. 

Of course, building a data warehouse 
is a never-ending job. New companies 
are acquired, products are added, cus- 
tomers come and go, and new features 
and enhancements are ongoing. But 
from an IT standpoint, the data ware- 
house is complete and has 85% of the 
data from the core transactional sys- 
tem. The next major goal is to provide 
the European operation with its own 
data warehouse system and tie it into 
the one in the U.S. 

Harding says his project will surel 
justify the costs, but he lacks hard num- 
bers. “We didn’t have a formal ROI that 
you could track later. I don’t even know 
how you would do it,” he says. “The rea- 
son we're doing [the project] is because 
of the value it brings to the business.” 

Lou Ferraro, vice president and gen- 
eral manager of Schein’s medical 
group, says the business benefits are 
outstanding. He can now fig- 
ure out who his most prof- 
itable customers are, target 
customers for certain types of 
promotions and look at the 
business by product cate- 
gories or sales territories. 

Ferraro says the data ware- 
house also helps select cus- 
tomers for direct-mail mar- 
keting campaigns that range 
“upward of 25 million pieces 
annually.” 

One of the most valuable 
features of the data warehouse 
has been the ability to add fields to re- 
ports. “Once you create a basic report, 
draw a conclusion [and] drill further 
based on those assumptions, it allows 
you to use that data and go even further, 
as opposed to creating a new report, 
and another and another,” Ferraro says. 

The IT department used to create, 
edit, revise, run, download, reprogram 
and print piles of paper reports — dai- 
ly, weekly, monthly and quarterly — for 
the analysis of sales and market trends. 
But today, business users search, sort 
and drill down for that information 
themselves in a fraction of the time. 

The data warehouse has become “a 
part of our culture,” says Harding. “It’s 
got that kind of aura about it within the 
company.” D 
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Kozik Starts Newly 
Created CTO Job 


Susan S. Kozik, 
former vice president 
of IT operations and 
services at Lucent 


Technologies Inc., to- | 


day starts her new 
job as the first chief 
technology officer at 
the Teachers Insur- 
ance and Annuity Association - Col- 
lege Retirement Equities Fund in New | 
York, one of the largest private pen- | 


sion systems in the U.S., with$280 =| 





billion in managed assets. 
Kozik, 45, will be in charge of all | 
IT, including data center operations, | 
IT risk management, and systems en- 
gineering and architecture. She will 
also help the not-for-profit company 
try to meet its goal of aligning tech- 
nology with business needs. She was 
previously CTO at Penn Mutual Life 
Insurance Co. and started her career 
at Cigna Corp. 


Security Spending 
May Grow About 4% 


Total spending for security products 
and services for 2003 will increase to | 
approximately $17 billion, Aberdeen 
Group Inc. in Boston predicted in a re- | 
port last month. Annual spending flat- | 
tened at $16.3 billion during the past 
two years, the report said, and securi- | 
ty vendors took a hit during the same 
period: 50 companies were acquired, 
and 36 suppliers, most privately 
owned, went out of business. 


DOD Uses Unique ID 
Tags to Track Assets 


The Department of Defense last week 
implemented a unique-idertification 
program to track all new equipment 
and parts using a standard and uni- 
versal code tagging system. The 
mandatory policy will help produce 
clean audit reports and ensure system 
interoperability as well as enhance 
the logistics and business transac- 
tions that are used to support U.S. 
and coalition troops. The tags are 
compatible with the International 
Standards Organization. According to 
the DOD, an expansion of the policy 
to radio frequency ID is under way. 
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he New 


Project Manager 


AN YOU IMAGINE a subordinate lend- 
ing a sympathetic ear to his newly pro- 
moted supervisor? What would he say? 
“Well, boss, I see that you’re having a 
difficult time adjusting to your new 


power. That must be tough. 


I can really empathize 


with your difficulties. How can I help?” 


Not going to happen. 
New IT project managers 
never get this sort of sup- 
port. It’s much more com- 
mon that they get grudg- 
ing compliance and whis- 
pered resentments. Yet it’s 
a time when they need 
support more than ever. 

Bookstores overflow 
with books on being a 
manager, but rarely do 
they discuss the difficult 
transition of becoming a 
manager. 

Whether you’re manag- 
ing new managers or are a 
first-time project manager, 
pay close attention to the 
period of transition from individual 
contributor to manager. Becominga | 
manager requires more than just 
learning a new set of skills; it requires | 
a redefinition of self. 

Two of the most common prob- 
lems that plague first-time managers 
are attitudes they have toward their 
old job and their new one. 

“Just let me do it.” 

The first problem is an inability to 
delegate. We all learn to derive at 
least part of our satisfaction from 
feelings of competence. We develop 
skills that allow us to accomplish 
tasks and then feel good about those 
achievements. We are rewarded for 
our competence with money, praise 
and position. When rewarded with a 
promotion to project manager, one of 
the challenges is to abandon the past 





sources of competence 
for new ones. 

A new manager faces 
the difficult job of super- 
vising others who are de- 
veloping and using the 
skills that the manager 
has spent a lifetime ap- 
plying. Since new man- 
agers are often among the 
most capable people with 
those skills, they feel frus- 
trated by trying to work 
with others who aren’t as 
capable as they are. 

The manager’s first im- 
pulse is to think, “Get out 
of my way and let me do 
it. It'll take longer for me 

to explain it to you than to do it my- 
self.” Of course, doing this will not 


| only alienate staffers, but will also 


prevent them from growing into their 
new roles. 

New managers need to diminish 
their dependence on old skills in fa- 
vor of developing new ones. 

“| already know what my new job is 
all about.” 

The second problem is that not 
only are new managers burdened 


| with the success they achieved in 


their previous roles, but they are also 
burdened with preconceived notions 
about the role of a manager. 

Individual contributors have an 
idea of what they think the boss’s job 
is. Frequently, that concept is based 
on the idea that a supervisor’s job is 
to do the following: 





@ Provide task direction. 

@ Offer protection from political 
forces. 

® Represent the needs and desires 
of the team to senior management. 

Although these are all valid com- 
ponents of a manager’s job, they 
represent only a small part of the 
whole picture — only those parts di- 
rectly related to the obvious needs of 
subordinates. 

While each new manager brings a 
unique point of view to the job, it’s 
inevitably a view that’s limited by 
the experience of being a team mem- 
ber. This limited vision of the role 
of manager can be very difficult to 
dislodge. 

If anew manager brings very 
strong emotional associations with 


| his own previous managers, he may 


be very dedicated initially to their 
ideas of the role. Some may be intent 


| on emulating the management style 


of a beloved mentor. Others may find 
their ideas governed by avoiding the 
behaviors of poor managers. 

Regardless of the source of such 
initial conceptions, understanding 
more fully the wider role of a manag- 
er requires both abandoning precon- 
ceived notions and accepting new 
ones. Neither of these is easy. 

It typically takes new managers a 
year or more to begin to appreciate 
all the things that they don’t know 
about the new role. 

New managers require patient su- 
pervisors and mentors to survive the 
trial of the first months in the role. 
They need to be monitored and sup- 
ported during what is inevitably an 
emotionally trying experience. 

And they must realize that it’s nor- 
mal to feel stressed, confused and ex- 
hausted during the transition. D 
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Business Intelligence? 


Computerworld’s IT Executive Summit 
Has the Answers 


If you’re an IT executive* in an end-user organization, 
apply to attend one of Computerworld’s upcoming 


complimentary one-day summits on Business Intelligence. 


Neither a product nor a system, Business Intelligence (Bl) 
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and business performance measurement applications 
and databases. 


The only way to succeed with BI applications is to under- 
stand their complexity, their cross-organizational nature, 
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*Complimentary registration 
is restricted to qualified 
IT executives only. 
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Senior Client Services Engineer 
Implement all of the company's 
technical support programs. Mon- 
itor and respond to all customer 
inquiries via phone and email: doc- 
ument call activity and ensure cus- 
tomer satisfaction. Maintain techni- 
cal proficiency according te core 
competency guidelines. Document 
recurrent technical problems with 
FAQ responses and Application 
Notes. Perform on-site engage 
ments and training. Develop prob- 
lem theory and resolutions within 
omplex web environment involv 
ng web servers, level 3 devices 
ustom code, backend databases 
and application servers. Work in a 
challenging team-oriented environ- 
ment engaged in deploying wet 
security and access controi for 
state-of-the-art e-commerce appli 
cations. Perform network adminis- 
tration and performance tuning of 
either UNIX, NT or Novell platform 
Use Peri, Java, CGi, C/C++, ASP, 
HTML, XML. Requirements include 
a Master's degree or equivalent in 
Computer Sc ce, an Engineering 
discipline or related field and one 
year of experience in the job of 
fered or related field of web server 
platforms and applications. Appli 
cants must have unrestricted 
authorization to work in the United 
States. Salary $76,320/year. 40 
hours/wk. Respond with two copies 
f Case #200201964 


of resume to 


Labor Exchange Office, 19 Stani 


ford St., 1st Fl.. Boston, MA 02114 


Senior EA! Programmer / Analy 
Analyze integration reqs for en 
terprise appl's - SAP, CRM appl's, 
ic rel dbases & internet based 
appl's. Des v & imp integration 
solutions using See-Beyond suite 
of products (e*Gate, e*Insight 
e*Exchange, java/monk prograrr 
G abi enterprise 
cesses that 
or building 
complex bus processes. Estab 
lish EAI dev process & standards 
Support & enhance the existing 
SeeBeyond interfaces that inte 
grate external partners using EDI 
& XML. MS or equiv in CIS, Eng. 
CS or rel + 4 yrs exp as 
Eng, Programmer or rel. E 
nc T Software developmer 
programming (4 Years); Enter- 
prise Integration (2 yrs); Dev/ imp 
enterprise appl's (1 yr): Internet 
Programming and/or rel dbase 
eBeyond 
produ gate, e*Insight, and 
e*Exchange (2 yrs); Java/Web 
tech (2 yrs); & SAP imp (1 yr 
Position is 40 Hrs Wk / $100K/yr 
located in Manchester NH. Se 


programmin 


opies of resume to 


2003-279 


1cord 


Computer Analyst 


ting Oil Partners, L.P. has ar 
immediate opening in its Darier 
Connecticut facility for a 
Computer Analyst 


Analyze user requirements, pro 
cedures and probiems to auto 
mate and/or improve existing 
systems, review computer sys- 
tem capabilities, workflow and 
scheduling limitations, and 
design/write program specifica 
tions 


Must possess a bachelor's 
degree in Computer Science or 
a related field and relevant work 
experience with ASP, Java 
Applet, Javascript, VB script 
OHTML HTML database 
Connectivity, Java and OO 
design, Visual Basic, C and 
sa 


Resume and/or cover letter 
must reflect each requirement 
above and specify reference 
code CA or it will be rejected 


Forward resume to Eileen M 
Pivar, Manager, Personnel and 
Benefits, Heating Oil Partners. 
L.P., 64 Oakland Avenue, East 
Hartford, CT 06108. 


IT|Careers 


API Support Engineer 


Resolves s/w h/w probs using 
Visual C, Visual C++, VB. PC 
architecture, BIOS, RAID. 
Sync/Async, Signal-polled, call- 
back, single- & multi-threaded 
Answers user reqs re computer! 
telephony h/w & s/w probs 
Communicates, interviews user 
re errors & app design. Keeps 
call records. Contacts s/w h/w 
vendor re probs. Codes demos 
interprets 3rd pty code w/cust. 
Explains s/w errors to program- 
mers. Installs h/w, s/w & periph 
equip. Writes user manuals 
Serves as mentor. 11a-8p 
Reqmts: BS Comp Sc or Engnr, 
1 yr App. Supt. Engnr. Send 
resume to: Dir. CT Support 
ScanSource, 6 Logue Ct 
Greenville, SC 29615. EOE 


Analytic Programmer, Wachovia 
Corp., Charlotte, NC. Develop 
derivatives trading appls. for trad- 
ers using the Calypso system as 
a foundation. Design and impie- 
ment trading applications. Reqs 
BA in Computer Science & 2 yrs 
exp. in the pos. offered or as a 
Software Developer The 2 yrs 
must incl. work developing finan- 
cial trading applications in UNIX 
and NT environments using JA- 
VA, C++ and SQL and work with 

srivatives products. M-F, 8-5, 
Send resume to Meredith Krogh 
Wachovia Corp., 401 South Tryon 
Street th Floor, NC 0475, 
Charlotte, NC 28288-0475. No 
phone calls 


Leader, Quality Assurance 
harlotte, NC, Wachovia Corp 
Define, coordinate, and execute 
testing for existing or newly devel 
ped high-profile banking applica 
tions on the Internet. Regs. BA in 

omputer, industrial or Production 

ering & 2 yrs exp. in the 
in offered or as an IT Analyst 
oftware Engineer. The 
required exp. must have includ: 
software 
metrics performance monitor 
Quality Management 
esses and tools and work with 
nated test tools such as 
Runner, LoadRunner, and Test 
Director. M-F, 8-5, Send resume to 
Randall Buck, Wachovia 
1525 West W.T. Harris Bivd 
NC 28262-0775. 


evelopment, testing 


Seeking qualified applicants for the 
following positions in Memphis 
or Programmer 
e/define fun 

lirements and documentatior 
on accepted user criteria 
sirements: Bachelor's degree 

computer scienc 
related field 
rs of experience in sys 
s/applications development 
Experience with 3rd/4th generation 
programming languages, including 
Java; ROBMS patch process: 
ng also required. *Master’s degree 
iN appropriate field will offset 2 

years of general experience. S 
mit resumes to Sibi George, FedEx 
Corporate Services, 1900 Surnmit 
wer Bivd., Suite 1400, Orlando. 

FL 32810. EOE M/F/D/V 


Systems Analyst-2 Positions 
Design, analysis and devel- 
opment of web and intranet 
applications with the focus 
on E-commerce solutions 
using Java, ASP, Javascript 
HTML, C++ and connectivity 
with MS SQL database. Req 
MS in CS/InfoTech. OR BS/ 
BBA with 3 yrs of related exp 
Resume to Skaps Industries 
571 Industrial Park Way. 
Commerce, GA 30529. 


Computerworld + InfoWorld + Network World + August 4, 2003 


SOFTWARE ENGINEER: Lotus 
notes domino application develop- 
ment and administration. Design, 
deploy enterprise application using 
J2EE, Weblogic, Websphere; UML 
Rational Rose and ORACLE. The 
job duties are to Analysis of current 
procedures and problems to refine 
and convert the data to program- 
mable form; determine output re- 
quirements;study existing systems 
to evaluate effectiveness; upgrade 
systems presently in use; develop 
test and implement new software; 
observe functioning of newly imple- 
mented system and programs for 
trouble areas; correct systems/pro- 
grams as necessary. Requires BS. 
Eng or equivalent in education with 
1 year of software development ex- 
perience. 40 hours per week at 
$60,000 per year. Please send res- 
ume to Case # 200202095 Labor 
Exchange Office, 19 Staniford St 

1st floor, Boston, MA 02114 


Systems Analyst, Charlotte, NC 
Wachovia Corp. Under direct sup 
ervision, design & develop appl 
software, convert specs. into code 
& test & prepare code for produc- 
tion. Reqs. BA in Computer Sci- 
ence & 1 yr. exp. in the pos. offered 
or as an IT Web Designer, Grad 
uate Engineer or Computer Pro- 
grammer. The 1 yr must incl. work 
converting specs. into code, testing 
& preparing code for production & 
work w/ C++, JAVA, J2EE technolo 
gies, JSP, ASP, HTML languages 
using web servers (i.e. TOMCAT) 
on SQL Server & ORACLE data- 
bases in a UNIX environment. M-F 
8-5, Send resume to Randall Buck 
Wachovia Corp., 1525 West W.T 
Harris Bivd, NC 0775, Charlotte 
NC 28262-0775. No phone calis 


Seeking qualified applicants for the 
following positions in Memphis: 
Collierville, TN: Senior Systems 
Programmer. Devise procedures to 
solve complex systems and appli 
cations problems. Requirements 
Bachelor's degree or equivalent* in 
computer science, MIS, engineer- 
ing, mathematics or related field 
plus 5 years of experience in sys 
tems programming. Experience 
with retail point-of-sale systems: 
applications development using 
Java; CORBA; and systems/inte- 
gration/user acceptance testing 
also required. *Master’s degree in 
appropriate field will offset 2 years 
of general experience. Submit 
resumes Sibi George, FedEx 
‘orporate Services, 1900 Summ 
Tower Bivd uite 1400, Orlando 
FL 32810. EOE M/F/D/V 


ing qualified applicants for the 
liowing positions in Memphis, TN 
Technical Advisor. Provide technic 
al advice and expert ystems 
development project groups in de 
fining, developing and 


isting, as well as proposed, applica 
f 


lewing ex 


Requirements: Bachelor's degree or 


computer science. 
7 


for major computer sy: 


equivalent* 
math, MIS or related field plus 
gars of 
applications di pment, including 
programming. Experience with Vis 
yal Basic, SQL Server and Server 
hardware also required. “Master's 
degree in appro} 


2 years of general experience 


experience in systems: 


te field will offset 


resumes to Chris Gibney 

Express Corporation, 2003 
Corporate Plaza, 3rd Floor, Mem 
phis, TN 38132. EOE M/F/D/V 


COMPUTER-Oracle 
Database Administrator 
(NY, NY). Install, configure 
& administer Oracle Data- 
bases, Oracle Financial 
Applications, SUN SPARC 
Solaris Servers & Storage 
Systems. Perform SQL/PL- 
SQL Scripting, Unix shell 
scripting, VAX VMS & Alpha 
operations. 4 yrs of Oracle 
DBA exp. req'd. Send cover 
ltr & CV to: GNYHA, 555 
West 57th St. NY, NY 
10019, Attn: HR-DBA 


ale tacts eee) ee 


The World Of 
Work Is Changing 
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ee b Bi 
exe 
itcareers.com is now powered 


by CareerJournal.com! 


Search for jobs and post 
your resume here on 


www.itcareers.com 
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Programmer Analyst 
needed w/exp in s/w appli- 
cation using UML, J2EE, 
EJB, JMS, Weblogic Ser- 
ver, XML, TIBCO and 
Oracle on Unix and 
Windows NT platforms. 
Send resumes to: Triple 
Point Technology, Inc., 301 
Riverside Ave., Westport, 
CT 06880. No inperson 
resumes/interviews: only 
respond by mail 


Sr. Project Engineer/Manager wan: 
ted at our location in Chicago, IL 
Bachelor's degree or foreign equiv- 
alent degree in Telecommunica- 
tions or related field and 2 yrs. 
experience in job offered or in 
Financial Communications or Tele- 
communications. Experience must 
include WAN, LAN, and IP-based 
router networking and configuration 
or design of large IP-based 
intranet/Extranet incorporating 
Firewall security and server ser 
vices E-mail resume to 
Rebecca.Gustamente@ 


Radianz.com (subject: Code 0314) 


Webmaster. Responsibilities in- 
clude web design & development, 
E-Commerce system mainten- 
ance using web templates, web 
ordering system and web catalog: 
web marketing; and web server 
maintenance. Must have Bachel 
or's in Computer Science, MIS or 
related, and must have knowl 
edge of E-Commerce including 
digital payment, online catalogs. 
data exchange and security 
search engine optimization; ASP: 
Dreamweaver; Photoshop; and 
MS IIS Web Server. Send resume 
to Overland Sheepskin Company 
Inc., Attn: HR Dept 2096 
Nutmeg Ave., Fairfield, IA 52556 


Programmer Analyst. Convert 
customer requirements into pi 
gram specifications; analyze im- 
pact of proposed solutions on 
business applications; ensure sat. 
isfactory functioning through test- 
ing and analysis of results; correct 
deficiencies according to cus 
tomer requirements; and review 
work of development team mem 
bers. Must have 3 yrs. exp. as 
Programmer Analyst or Program 
mer, including 3 yrs. exp. with 
Object Oriented programming. 
SQL, Oracle, UNIX, Windows ap- 
plication development, program. 
ming in C; and JavaScript . Send 
resume to APAC Customer Ser 
vices, Inc., Attn: Cindy Corkery, 6 
Parkway North Center, Deerfieid 
IL 60015. EOE/AA 


APAC CUSTOMER SERVICES 
INC. is not affiliated with APAC 
Inc., the road paving and con 
struction materials company 


Need to le ohne 
Be 


professionals? 
Post your 


jobs here 
at: 


WWw.itcareers.com 
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Project Manager 


Evaluate technical specifi- 
ctns. design & implement 
managmnt applictns. remote 
training/on-line educ. & busi- 
ness applictn for multi-nation- 
al companies. Req: BS in CS, 
3 yr. Exp. Skills in Oracle 
Appli. Designer & Developer, 
BlackBoard, Manugistics 
WorkFlow Recruit, Supply 
Chain Management, Lotus 
Courseware, Java, J2EE and 
NET, C++. 40hr/wk, 9-6 
Resume/Ad to 3213 W. Main 
#592, Rapid City, SD 57702 


Senior Software Engineer want- 
ed by Financial Computer 
Services inc., in Fairfield, NJ 
Must have a MS in Comp Sci or 
related field with min 2 yrs exp in 
high perf s/w dsgn & dvipmnt 
Job duties include dsgning & 
dviping arch for all internal & 
external info technology sys- 
terns to provide finance-based 
services using object-oriented 
technology & various s/w dvipm- 
nUtesting tools, & dviping, imple- 
menting & integrating db apps 
using various db technologies & 
data comm protocols. Provide 
ongoing mgmt & admin on appli- 
cation systems & technology 
environments. Fax resume to 
HR Dept at 973-227-8795. 


Sr. Computer Engineer: Lead IT 
division to design, develop and 
test both system and application 
level software for E-business 
and to maintain and upgrade 
information technology. Master 
in Computer Science or in 
Electrical Engineering, and relat- 
ed IT exp. required 

Database Administrator: Code. 
test, and implement database 
applications Maintain and 
improve high volume e-com- 
merce and accounting databas- 
es. Two years related experi- 
ence required 

Send resume to Chang-Sheng. 
Inc., HR Dept., 10641 Harwin 
Drive, Suite 502, Houston, TX 
77036 


Software Engineers to analyze. 
design, develop, implement 
appls using Java, C++/C, Perl 
Shell Script, JOBC, VB, Pro*C 
Oracle, Dev 2000, SQL Server 
on UNIX/Windows platforms 
perform unit/integration testing 
performance tuning and query 
optimization; interact with clients 
to ascertain functional/tech 
reqs.; provide customer support 
feedback; debug and trou 
bleshoot; train team members. 
end users. Require: M.S. or for- 
eign equiv. in CS/Engg.(any 
branch) with 1 year exp. in IT. 
Travel involved. High salary. F/T. 
Resume HR Compsoft 
Technology Solutions Group 
Inc 11 N_ Roselle Rd 
Schaumburg, IL 60194 


PROGRAMMER ANALYST 
G.i.M Productions — Inc. 
Chicago IL, seeks Progr 
ammer Analyst to design & 
develop s/w app! using C 
C++, Java, Java Script, SQL 
PL/SQL, cold fusion, Flash 
ASP, EJB, Serviets, XML 
HTML & VB. Resp. also incl 
design & impl. of data bases 
using SQL Server 2000 
Oracle & Access. Must have 
S in Cmp Sc & 2 yrs relevant 
exp. Email resume to: 
jobs@gimproductions.com 


Software Engineer 

Hexaware Technologies, Inc. is 
seeking a Sftwr Engr to anlyz. 
dsgn, dev, code, test & implem 
sftwr progrms/appls MS in 
Comp. Sci., Electronics Engrg, 
Physics or Math + 1 yr exp as 
Sftwr Engr, Prog. Analyst or 
Sftwr Consitnt rqd. Must have 
exp. w/dev. & implem. acctg or 
mgmnt syst. using FoxPro for 
Windows, PowerBuilder, Sybase 
SQL Anywhere & Oracle 
PL/SQL. High mobility preferred. 
Resume only to: R. Ravindran 
Director-HR Hexaware 
Technologies inc 4343 
Commerce Ct., Ste. 618, Lisle. 
IL 60532 


Business Analyst to analyze and 
design high end business models. 
technical experience in CRM im- 
plementation in telecom 
modules necessary 
wiedge of Billing, Rating. 
tion systems and automated work 
flow systems PL/SQL, MS Sql- 
Server, Oracle 8i, Visual C++, XML 
XSLT and Centura is required 
Full time position M-F pays market 
levei salary. Applicants with Bach- 
elor degree in Engineering plus 2 
years related experience in tele- 
communications, send resumes 
to: Supra Telecommunica- 
and Information Systems 
nan Resources Dept 
W. 27th Ave., Miami, FL 


Synergy has openings for IT pro- 
fessionals. Qualified applicants 
must have BS with some experi- 
ence. Strong background in 
TCP/IP Suite, Weblogic, Oracle 
SQL, VB, PeopleSoft, Java is 
plus. Please send resumes to: 
hr@synergycom.com. Travel is 


required for some positions. EOE 


Horizon Companies, Inc. is look- 
ing for system analyst & other IT 
profess Minimum quire- 
ment is BS plus IT experience 
Skills in VB 5.0, Forms 4.5, SAP, 
PeopleSoft, Oracle & Oracle 
Financials, AP, AR, GL preferred. 
ly at 


Softec Solutions, Inc. seeks ap- 
plicants for the pc ion of Pro- 
grammer in Englewood, CO to 
develop Web-based and Paim- 
based software applications. Re 
quirements for position include a 
eiors ee in computer 
nce, electrical engineering or 
related field and software pro- 
gramming experience. Addition- 
al requi nts include working 
knowledge of developing Web- 
based and Paim-based applica- 
tions, JSP, Satellite Forms, and 
Oracle*C solidator. Respond 
by resume to Parimal Joshi 
sitions, 384 Inverness 


Englewood, CO 


Computer Systems Admin- 
istrator. Analyze/maintain/ 
modify applications on IBM 
mainframe. Req. BS Math/ 
Comp. Science/Rel. Field & 
2 yrs exp in job/2 yrs exp as 
Sr. Analyst/Programmer 
Spec. Req. Expertise in 
COBOL, DB2, CICS, CSF. 
Cordaptix & Utility Billing 
Systems. Send Resume 
Louie G. Abad, EV3A, Inc., 
412 Wellsley Court 
Folsom, CA 95630(Jobsite) 


Get Ahead In Your Career! 


BDPA, The Premier Organization For African Americans 


In Information Technolog 


Invites You To Attend The... 


CAREER EXPO 
August 15 - 16, 2003 ¢ Philadelphia Marriott 


Friday, August 15: 10:00am - 6:00pm ¢ Saturday, August 16: 10:00am - 4:00pm 


FREE ADMISSION TO THE CAREER EXPO! 
Employers Include: Abbott Laboratories © Accenture * Advanced Reasoning Systems * Anthem Blue 
Cross Blue Shield ¢ AstraZeneca © Cardinal Health « Computer Associates Compuware Corporation ¢ 
Dell Computer ¢ Deloitte Consulting * FleetBoston Financial ¢ GlaxoSmithKline ¢ Greenwich Technology 
Partners * Hewitt Associates ¢ Household International ¢ lowe Human Resource Recruitment 
Consortium ¢ Mayo Clinic e McDonalds Corporation ¢ Merck & Company  Performigence 
Corporation ¢ Sears Roebuck & Co. ¢ Siebel Systems Siemens Business Services * Thomson 
West ® Toyota Motors © Unisys ¢ The Vanguard Group ¢ Verizon Wireless * Wachovia 
For the latest information, please visit us at www.shomen. 
Employers - To exhibit at the Career Expo, piease call Gioriann Clark at 318-308-4408 
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Client Integration Consultant 
Reg. Bach or equiv. in CS, Eng 
or rel. field + 4 yr relevant exp. 
Contact brokerage client to ob- 
tain integration reqmts & deliver 
trading solutions. Interface w 
trade order mng. systms (incl 
MerrinLink, MacGregor, Mass- 
Link, Landmark), post-trade alio- 
cation algorithms, clearing & 
settlement systms re: trading 
applics. Perform applic integra- 
tion using FIX trading protucol 
Interface w/mkt data systms 
Generate P&L. Create ad-hoc 
reports quickly from variety of 
tools, inci Visual C++, Peri/Tk. 
Python, MFC, STL, COM, X 
Motif, Crystal Reports in UNIX 
envirmt. Report formats from 
Bear Stearns, OASYS, OATS 
Middleware prgmng using Tibco 
Rendezvous, Talarian Smart- 
Sockets & Corba messaging 
protocols. ITG, Inc., NY, NY. 
(www.itginc.com). Fax 

HR/SM at (617) 692-6889 
Calls. Principals only. EOE 


Staff Analyst - ABAP Developer 


Analyze IT operational require- 
ments. Develop new custom in- 
terfaces. Maintain existing cus- 
tom interfaces, enhancements. 
reports & forms using SAP ABAP. 
Develop detailed design specs 
from business requirements 
Write custom ABAP/4 code to ful- 
fill design requirements. Must be 
willing to travel to project sites 
throughout US on short- or long- 
term assignments. Must have 
Bachelor's degree or foreign 
equiv. in Comp Sci, Engineering, 
Business, Accounting or related 
field + 3 yrs exp in job offered or 
SAP Systems Analyst. 8:30am- 
5pm, M-F. OT as needed 
$90,000/yr. Reply to Job Order 
#WEB343666, Site Manager, 
Beaver County CareerLink, 2103 
Ninth Ave., Beaver Falls, PA 
15010-3957 


TECHNICAL CONSULTANTS. Pro- 
vide design, development, and 
delivery of customer-specific prod 
uct extensions, integrations, re 
ports, and data analyses in man 
aged project framework, working at 
various unidentified assigned sites 
in U.S. Provide analysis for fun 
tionality of employer a 

legacy systei7s. Act 

ter expert in sales 

vide quality < 

monitoring 

partner engag 

technica’ g 

tation, prototyp 

installation and de; 

tomer-specific 


base design 


2000/97 and MS 


including tnggers and s 


Case 
Hillsdale C 


46250 


Network Administrator for IT co 
in Wilmington, DE to configure. 
manage computer networks 
perform tuning of application 
packaged under UNIX & Win 
2000/NT/95 operating systems 
Utilize know! of LAN/WAN con 
nectivity using Routers, Switch- 
es, Firewall gateways over 
leased circuits. Utilize routers & 
protocol such as Cisco, Lucent 
etc. RIP, OSPF, EIGRP & BGP-4 
Dsgn network security & train 
network admin. Req: Associates 
deg, diploma/equiv in Comp Sci 

Electronics or related & 2 yrs 
exp. Any combination of edu & 
exp that equates to min req is 
acceptable. Resp to Int'l Bus. 
iness Software Solutions, Inc 

901 Market St, Ste 480 
Wilmington, DE 19801, fax (302) 
654-4592, Jobs2@ibssinc.com 


Computerworld + InfoWorld +» Network World + August 4, 2003 
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NET2S, 82 Wail S 

New York, NY 10 ‘ 
279-1960; Phone (212) 279-6565; or 
Email: jobus-ny@net2s.com 





Satyam Computer Services Ltd., 
a leading software consuiting 
company, seeks computer pro- 
fessionals for various positions 
including: Programmer Analyst 
Database Administrator, Syst- 
ems Analyst, Business Systems 
Analyst, Quality Engineer and 
Software Engineer. Opport- 
unities exist for qualified appli- 
cants with 1-7 years of related 
experience with one or more of 
the following 


User Interface Design 
Performance monitoring and 
Tuning 

Operating System Level 
Tuning 

Client/server object Oriented 
Development 

Case Toois/Modeling 

IBM Mainframe Tools 
Communications & Networking 
Web Development 
E-Business 

RDBMS 

Database Administration 
Business process or Technical 
Re-Engineering 

Software Implementation 
Supply chain Management 
Enterprise Resource Planning 
Enterprise Systems 
Management 
Object/Distributed 
Technologies 

Middleware 

Groupware 

Data Warehousing 

QA Environments 
Communications & Networking 
Customer Information 
Systems 

Billing Systems 


All positions require a Bachelor's 
degree in a related field. Some 
positions require a Master's 
degree and all positions requires 
frequent relocation. Oppor- 
tunities available through out 
US. Please email your resume 
with Job Code #GENITC 
080403 including salary require- 
ments to 
resumeus@satyam.com 


Computer - Software Engineer 
(Senior), (Austin, TX) - Analyze 
design, develop, test and imple- 
ment enterprise management 
framework applications and 
tools utilizing C, C++ and Java 
object-oriented programming 
languages in Client/Server arch- 
itecture on Windows, OS/2 
AS/400, AIX and Solaris Oper- 
ating Systems with TCP/IP net- 
working protocols. Requires a 
Master's or equivalent degree in 
Computer Science, MIS or En- 
gineering and one year of expe- 
rience in the job offered or one 
year of experience in the related 
occupation of I/T Specialist or 
Computer Consultant. Employ- 
er will accept a Bachelor's de- 
gree and five years of progres- 
sively more responsible work 
experience in the |/T field in lieu 
of a Master's degree. 40hrs/wk 
8am-5pm, $81,000.00/yr. Apply 
at Texas Workforce Commis- 
sion, Austin, TX or send resume 
to Reply to the Texas Workforce 
Commission, 1117 Trinity, Room 
424T, Austin, TX 78701, J.0.# 
TX1696335. Ad paid by an equal 
opportunity employer 


OH Ins. Co. seeks Applied Sys- 
tems Analyst/Prgr-PL4 to assist 
in preparing detailed technical 
specs.; design; code, test, debug 
docs. & maintain programs for 
automated business systems 
Required knowledge in Smalitalk 
memory management. Min. reqs 
Bachelor's in Electronics Eng. or 
equiv. & 2 yrs in job or job relat: 
ed exp. including working knowl- 
edge of Smalltalk, Webconnect 
Gemstone, RationalRose, XML 
Envy, Sunit, CRC, OO method- 
ologies, OO design patterns 
Resume to Susan Swales, 300 
N. Commons Bivd., Mayfield Vill- 
age, OH 44143. No calls. EOE 


IT|careers 


Senior Computer Systems An- 
alyst - Responsible for analyzing 
user requirements, procedures 
and problems in order to auto- 
mate processing and improve 
existing computer systems; Con- 
fer with customers to analyse 
current operation procedures 
and identify problems in order to 
gain knowledge of computer sys- 
tems’ specific input and output 
requirements. Utilizing knowl- 
edge of HP-UX 10.X, INGRES. 
MTi and hardware platforms 
such as DEC Alpha and HP, re- 
view computer system capabili- 
ties, workflow and scheduling 
limitations in order to determine 
possible changes of impiement- 
ed programs or if whether pro- 
gram changes are possible with- 
in existing systems; Study exist- 
ing information processing sys- 
tems, evaluate effectiveness and 
develop new systems in order to 
improve production and/or work- 
flow; Conduct studies periaining 
to the development of new infor- 
mation systems in order to meet 
current and projected needs. 
Plan and prepare technical re- 
ports, memoranda and instruc- 
tional manuals as computer pro- 
grams developer. 


Must have Bachelors Degree in 
Mathematics; 2 yrs. Of exp. in 
Computer field. Full time (9:00 
am to 5:00 pm), 40 hrs/wk @ 
$75,000/yr. Please send resume 
to P.O. Box 11170, Detroit 
Michigan, 48202. Please refer- 
ence job order: 210707 


EMPLOYER PAID AD 


fccaas. Pain we 
Computer - Consulting Senior \/T 


Architect (Pittsburgh, PA and at 
various locations throughout the 
U.S.) - Deploy latest e-business 
technologies; design, develop- 
ment and architecture of web- 
based middieware applications, 
provide technical guidance and 
support; solutions architecture 
analysis design, programming 
performance tuning product 
installation and system integra- 
tion, utilizing Java, Visual Basic. 
Solaris, WebSphere Application 
Server and XML. Requires a U.S. 
or Foreign Equivalent Bachelor's 
degree in Chemical Engineering 
MIS, Computer Science, or En- 
gineering and one year of experi- 
ence in the job offered or one 
year of experience in the related 
occupation of Consultant. 40 hrs: 
wk, 8am-pm, $90,000/yr. Reply to 
Job Order WEB 34397, Site 
Director, Pittsburgh/Aliegheny 
County CareerLink, ATTN: CL 
Program Supervisor, 425 Sixth 
Avenue, Suite 2200 Pittsburgh 
PA 15219-1837 


SOFTWARE ENGINEER to 
design, develop, maintain, sup- 
port and test client/server, web- 
based and n-tier application soft 
ware using Java, J2EE, EJB, 
Serviets, JSP, JFC, JND!, JDBC 
Visual Age for Java, Jbuilder, 
EAServer, WebSphere, Power 
J, MQ Series, Oracle, Sybase 
ASE, VC++ and Jprobe on 
Windows NT/2000 and UNIX 
operating systems; Design high- 
level object modeling using 
OOAD, UML and Rational Rose 
Require: Master's degree in 
Computer Science. an 
Engineering discipline, or a 
closely related fieid with 2 yrs of 
exp in the job offered or as a 
Programmer/Analyst. Extensive 
travel on assignment to various 
client sites within the U.S. is 

Competitive salary 
offered. Apply by resume to 
Leena Bhakta, Alpha Computing 
Solutions, LLC, 5865 Jimmy 
Carter Bivd Ste. 125 
Norcross, GA 30071; Attn: Job 
SG. 


COMPUTER/IT 

Customer Support Manager - 
Req. Bachelor's degree (or 
equiv. foreign educ.) in Comp 
Sci., MIS, or Business Admin. & 
2 years’ exp. in the job offered or 
2 years’ exp. providing business 
systems network user support 
for a Fortune 100 manufacturing 
company. Stated exp. must 
include one year in each of the 
following: supporting use of| 
Avaya telecommunications soft- 
ware for multiple US. & 
European facilities util 
Computer Associates UniCenter 
service desk ticket mgmt. soft- 
ware to track support requests. 
& training workers in use of 
workforce mgmt. tools. Must be 
available to travel domest. & 
int'lly up to 20% of working time. 
On a global basis, direct the 
conceptualization, development, 
& implementation of integrated 
IT customer support processes 
& toois for business systems 
network users for a Fortune 100 
manuf. company. 40 hrs./wk 
Apply with resume to 
International Paper Company, 
Attn: Melanie Russell, 4070 
Willow Lake Boulevard 
Memphis, Tennessee 38118 
Please reference job number 
8988. 


Computer - Software engineers & 
Consultants with solid background 
in several of the following technolo- 
gies 
C/C++/VC++, MFC, Perl, Tcl/Tk 
Shell Scripting 
Microsoft NET Technologies 
J2EE/Java Beans/Serviets/JOBC 
XML 
UNIX/NT 
E-commerce/E-business (Ariba, 
Bea), IBM e-Business 
Oracle/Sybase/SQL server/DB2 
ERP/SAPR3/mySAPBW. 
mySAPSEM/APO/ABAP 
CRM/Siebel, Clarify, mySAPCRM 
COM/DCOM/Corba 
Microsoft Technologies: ASP, 
Visual Interdev 


Senior Level Positions require 


graduate degree, Lucrative com- 
pensation. Mail Resumes to 
Venkat Kaushik 
Pacific West Corporation 


309, Court Avenue, Suite 222 
Des Moines, |A 50309 


Software Engineer (with Mas- 
ters Degree and 2 years expe- 
rience or Bachelors and 7 
years experience) - Natick, MA 
Job entails and requires experi- 
ence in design, development 
and maintenance of business 
applications using Oracle En- 
terprise manager and related 
tools (TOAD, PL/SQL, Store 
procedures), Oracle DBA, Perl 
5.X and Unix shell Scripting 
Attractive compensation pack- 
age. Send resume to Ed Tour- 
tellotte, Tourtellotte Consulting 
20 Main St., Suite 308, Natick 
MA 01760 


Consultant (Accounting Syst- 
ems) -- NJ Software and 
Network Consultant Firm 
Design & implement accounting 
and cash management systems 
work with Oracle Cash 
Management and General 
Ledger to process financial 
information; create database 
schemas for payroll, tax and 
order management. Req B.S. in 
CS, MIS or Business (or equiva- 
lent exp.) plus experience imple- 
menting accounting systems in 
relational database manage- 
ment systems using Oracie plat- 
forms. Send resume and sal 
req. to Reliant Technologies Inc 
1208 Highway 34, Suite 21 
Aberdeen, NJ 07747 


Computer - Software Engineer 
(Austin, TX) - Develop, design, 
code and maintain software for 
Framework product. Assist Level 
2 customer support. Perform 
multiple network interface sup- 
port for UNIX operating system 
Implement various client/server 
programs to schedule/list/edit/ 
delete jobs and query the persis- 
tent database. Utilize C program- 
ming language in a multi-plat- 
form environment. Requires a 
Master's degree in Computer 
Science or Engineering and one 
year of experience in the job 
offered or one year of experience 
in the related occupation or 
Research Assistant/Engineer or 
Systems Administrator. Employ- 
er will accept a Bachelor's de- 
gree and five years of progres- 
sively more responsible work 
experience in the I/T field in lieu 
of a Master's degree. 40hrs/wk, 
8am-5pm, $67,980.00/yr. Apply 
at Texas Workforce Commission, 
Austin, TX or send resume to 
Reply to the Texas Workforce 
Commission, 1117 Trinity, Room 
424T, Austin, TX 78701, J.0.# 
TX1696336. Ad paid by an equal 
opportunity employer. 


SENIOR PROGRAMMER/ANA- 
LYST to analyze, design, devel- 
op, test, install, tune and upgrade 
Oracle CRM applications, Oracle 
databases and JDEdwards One- 
World ERP systems using .NET 
Technologies, Visual Basic, MS 
SQL Server, Visio, UML, XML 
PL/SQL, C, C++, Java, UNIX 
Scripting, Rational Rose, Erwin 
HTML, Peri and ASP under Win- 
dows operating system. Require 
B.S. degree in Computer Sci- 
ence/Engineering, or a closely 
related scientific discipline with 2 
yrs of exp in the job offered. Ex- 
tensive travel on assignments to 
various client sites within the 
U.S. is required. Competitive 
salary offered. Send resume to 
Sundeep Chaudhry, Elite Solu- 
tions, Inc., 1670 Reserve Way, 
Ste 203, Decatur, GA 30033 
Attn: Job PC 


Assistant Director, Operations: 
- to analyze business or operating 
cedures to devise most effi- 
vethods of accomplishing 
work; confer with new & existing 
clients to determine their comput- 
er account requirements and 
budget constraints; analyze cus- 
tomer needs & sales statistics to 
formulate policy in promoting 
sales; conduct GAP analysis & 
recommend solutions. Bachelor's 
degree or foreign edu. equiv. + 1 
yr. exp. required. Travel and/or 
relocation required. Send confi- 
dential résumé, salary require- 
ments to: Microhard Technical 
institute, 600 Enterprise Drive 
Suite 207, Oakbrook, IL 60523 


Software Engineer (with Mas- 
ters Degree and 2 years experi- 
ence or Bachelors and 7 years 
experience) - Natick, MA. Job 
entails and requires experience 
in design, development and 
maintenance of business web 
applications using Oracle Enter- 
prise manager and related tools 
(TOAD, PL/SQL procedures), 
Oracle DBA, Websphere, J2EE 
(Serviets, Applets and JSP) 
VoiceXML and Unix shell script- 
ing. Attractive compensation 
package. Send resume to Ed 
Tourtellotte, Tourtellotte Consult- 
ing, 20 Main St., Suite 308 
Natick, MAO1760 


Computerworld + August 4, 2003 
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Associate Engineer 


Pitney Bowes Inc. has an opening 
in its Stamford, Connecticut office 
for an Associate Engineer. 


Responsible for software which is 
currently being developed for key 
subsystems of SSPS - Product 
Anywhere systerns. Work with the 
department test coordinator and 
execute software testing to assure! 
that tools delivered to production 
will meet specifications 


Must possess at least a bachelor’s 
or its equivalent in Engineering. 
Computer Science or a related field 
and relevant work experience as an 
Engineer, including experience with 
object oriented development meth- 
odology, Database Development, 
Test tools, Oracle and SQL, and 
developing applications using C. 
C++, Visual Basic, Powerbuilder, 
Develop 2000, Java, ASP and 
Rational Suite 


Resume and/or cover letter must 
reflect each requirement above and 
specify reference code AE/NB or it 
will be rejected 


Forward resume to Robbin Drew 
Elliott, Pitney Bowes Inc., One 
Eimcroft Road, Stamford, CT 
06926-0700. 
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Software Engineer 


Design, Test, Document 
and Update Software ap- 
plications. Prefer a Bach- 
elor's Degree or Foreign 
equivalent in a Business 
Or computer related field. 
Send resumes to: 


Epoch Solutions Inc. 
76 Norteastern Bivd, 
Suite 29A 
Nashua, NH 03062 
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Gainesville, FL - Integrate 
business phone systems 
with computer networks 
for clients. 2 yrs exp. 40 
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F. Salary commensurate 
with exp. Send resume 
to: Florida Phone 
Systems, Inc., 3499 NW 
97th Blvd., Ste. 11, 
Gainesville, FL 32606. 


Programmer Analyst, 
Austin, TX - Develop, pro- 
gram and test custom inter- 
faces and data conversion 
programs for information 
technology company. 
Client Support req'd. BS in 
Computer Science or relat- 
ed field. Salary commensu- 
rate with exp. 40 hrs/wk, 
8:30 AM - 5:30 PM, M - F. 
Mail resume to: Info Tech, 
Inc., 5700 SW 34th Street, 
Suite 1235, Gainesville, FL 
32608. EEO M/F/V/D 
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Continued from page 1 
Encryption 


Y2k upgrades helped push 
companies to take advantage of 
new Web-based technologies, 
the upgrade to Triple DES may 
help lay the foundation for 
new point-of-sale and ATM 
services, such as bill paying. 

Bank One Corp. in Chicago, 
for instance, has decided to re- 
place all 4,000 of its ATMs 
with Triple DES-compliant 
models over the next three 
years. That effort began in 
March and will cost at least 
$150 million, according to a 
Bank One spokeswoman. In 
addition to being more secure, 
the new machines will be 
Web-enabled and ready to 
support a host of new features 
such as online bill payment, 
account aggregation and bro- 
kerage services. 

DES is designed to protect 
personal identification num- 
bers (PIN) entered at ATMs 
and point-of-sale devices, but 
using brute-force computing 
power in a process called an 
“exhaustion attack,” it’s possi- 
ble to unscramble DES-pro- 
tected information. 


Industry Conversion 

Led by Purchase, N-Y.-based 
MasterCard, the major elec- 
tronic funds companies began 
seeking an industry conver- 
sion to Triple DES several 
years ago. But with the dead- 
lines looming, banks and re- 
tailers are only beginning to 
deal with the costly conver- 
sion, and they’re now calling 
for deadline extensions. Many 
of the nation’s 360,000 ATMs 
will have to be replaced to 
comply, as will some back-end 
systems. Many applications 
will have to be rewritten to 
handle Triple DES. 

The total cost will be stag- 
gering. A new ATM can cost 
as much as $50,000; costs will 
range from $1,000 to $5,000 
for ATMs that can be upgrad- 
ed, according to financial in- 
dustry analysts. Hardware se- 
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curity modules, which sit on 
transaction servers and proc 
ess DES keys, can cost up to 
$50,000 each. 

Kurt Helwig, executive di- 
rector of the Electronic Funds 
Transfer Association in Wash- 
ington, said the effort to re- 


| place or upgrade old systems 


will be huge, and financial 
firms are fuming. 

“{Banks] feel they’re being 
asked to bear this burden on 
behalf of the industry, when 
it’s a problem that’s not such a 
grave threat,” said Helwig, 
whose organization has 600 
members, including banks, 
ATM networks and technolo- 
gy vendors. 

“Everyone is convinced that 
Triple DES is a good idea,” 
said Andi Coleman, Tandem 
security team leader at Char- 
lotte, N.C.-based Bank of 
America Corp., who heads a 


| special interest group on secu- 


| Continued from page 1 


California 


avoid a repeat of the situation 
that led to the undoing of its 
former Department of Infor- 
mation Technology (DOIT). 
At a meeting in Sacramento, 
Kelso outlined an IT gover- 
nance proposal he crafted at 
the governor’s request, a ver- 
sion of which is now before 
the state legislature. The pro- 
posal specifies the technology 
procurement responsibilities 


| that would be given to various 


government entities, including 
his office, the state’s finance 


| and general services depart- 


ments, the managers of its 


| data centers and the CIOs of 


individual agencies. 

For example, the bill man- 
dates that the state CIO focus 
on strategic planning and 
gives the finance department 
the ultimate authority to ap- 
prove and fund IT projects, as 
well as project oversight du- 
ties. The legislation includes 
Kelso’s own recommendations 
on how to govern IT, but Gov. 


n Dec 


48106. Comp 


at the t 


e of S3 per 
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| ATMs widely deployed at re- 
| tail establishments, which are 
| operated by independent net- 


| going to be there,” she said. 


| said the effort was relatively 


| contain the keycodes for en- 


| and procurement training 


| date a data center that con- 


| administrative entity, a project 


NEWS 


rity for the ITUG HP NonStop 
user group. Coleman said she 
has no doubt that financial 
services companies will meet 
the requirements, but she’s 
concerned about whether 


works, will also comply. “If 
ever there is a weak link... it’s 


Star Systems, which is 
owned by Memphis-based 
Concord EFS Inc., completed a 
two-month Triple DES up- 
grade on its network switches 
about six months ago. Lynn 


simple and involved updating 
software on 30 host security 
modules — appliances that 


crypting and decrypting PINs. 
For banks and transaction 
processors, the Triple DES up- 





grades involve replacing ATM 


Gray Davis has yet to say 
whether he would sign the 


| current version of the bill. 


In a phone interview after 
the meeting, Kelso pointed to 
obstacles such as a massive 
state budget crunch and a bid 
to recall Davis, whose critics 
used the administration’s role 
in the licensing deal with 
Oracle Corp. to help put the 
recall effort in motion. But, 
Kelso said, his office has initi- 
ated programs to streamline 
the state’s IT procurement 
process and has developed 
new spending oversight rules 


programs. 


Consolidation Plans 

The state is also moving ahead 
with data center realignment 
and consolidation efforts, Kel- 
so noted. For instance, by next 
July, it at last plans to consoli- 


tains personnel records on 





| state workers and the IT facili- 


| 
an | 
ty for its health and human | 
services agency under a single | 


that has been on the drawing | 
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Triple DES 
Deadlines 


keyboards with keyboards that 
house an integrated circuit 
board that encrypts PINs be- 
fore they’re sent to the ma- 
chine’s internal processor. 
Currently, the PINs are trans- 
ferred over a 2-foot cable in 


board for the past decade. 
However, Kelso said that 
achieving all the IT procure- 
ment improvements he has in 
mind and reaping the antici- 


| pated cost savings on technol- 
| ogy purchases will require a 


multiyear effort. “There are 
still way too many hurdles in 
large, complex procurement 
projects,” he said. 

With its many agencies and 
departments, California’s gov- 
ernment is one of the biggest 
enterprises in the world, Kelso 


| noted. But the state “doesn’t 


really have good enough infor- 
mation about many of its sys- 
tems and infrastructure,” he 
said. That makes it impossible 
to cost-effectively launch and 
manage potential statewide 


| technology initiatives. 


State auditor Elaine Howle 
last year sharply criticized the 


| Oracle deal in a report that 


helped fuel the debate over 
the propriety of the software 
contract [QuickLink 29291]. 
Howle said her department 
has yet to do a detailed analy- 


| sis of Kelso’s proposed IT 


governance program, but on 
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the clear before being en- 
crypted, said Jerry Silva, an 


| analyst at TowerGroup in 


Needham, Mass. ATM proc- 
essing software will also have 
to be upgraded. 

Charles Kennedy, a partner 
at the law office of Morrison 


| & Foerster LLP in Washing- 


ton, said industry mandates 
create a “standard of care” 
that give state and federal reg- 


| ulators the legal foothoid to 


step in with enforcement pro- 
ceedings. Those regulators 


can impose fines on institu- 


tions that suffer security 
breaches because they lack 


| Triple DES, Kennedy said. 


The U.S. Department of the 


| Treasury and the U.S. Federal 


Reserve Bank currently use 
Triple DES, a standard that has 
been adopted by the American 
National Standards Institute 
and the International Stan- 
dards Organization as well. B 


be 


the surface, it appears to 
“going in the right direction.” 
Howle added that after her 
staffers interviewed govern- 
ment and private-sector IT ex- 
ecutives last year to get rec- 
ommendations for restructur- 
ing the state’s approach to 
technology spending, it be- 


| came clear that a CIO who 


could take responsibility for 
strategic planning was needed. 
That position didn’t exist un- 
der the old DOIT, Howle said. 

Kelso initially took over 
management of the DOIT on 
an interim basis and then was 
named state CIO after the IT 
agency was dissolved at the 
end of June 2002. He currently 
works with California’s vari- 
Ous state agencies with help 
from two deputy CIOs. 

Kelso said there is more of 
an atmosphere of collabora- 
tion and trust than existed un- 
der the DOIT, which was 
viewed by some state officials 
as “a competitor.” For exam- 
ple, there are now regular 
meetings between Kelso, 
agency data center staffs and 
finance department officials. D 
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How to Compete 


AN YOU COMPETE AGAINST OUTSOURCING? Sure 
you can. Are you competing against outsourcing? Prob- 
ably not. Why not? Probably because you think the de- 
cision to outsource or not to outsource is one that’s 
outside your control. You figure no one will ask you 
whether your IT shop’s work should be shipped to India or Canada 
or Ireland or China or even just to some army of cube slaves on the 


other side of town. 


And you're right — by the time you’re informed of the decision, 
it’s too late. By then, the deal is done. 
But that doesn’t mean you can’t compete right now. 


Maybe it seems impossible. After all, you 
know what outsourcing has to offer: technical 
proficiency, economies of scale and — in the 
case of offshoring — cheaper labor. How the 
heck do you compete with that? Sure, invest- 
ments in training will help. But you’ll never get 
an outsourcer’s economies of scale. And there’s 
no way you can match that offshore price. 

But that’s not how you compete effectively 
anyway. Think about it: How many software 
vendors have successfully competed against 
Microsoft by building word processors and 
PowerPoint knockoffs? 

You don’t compete effectively by trying just 
to match the other guy’s strengths. You com- 
pete by doing what the other guy can’t do. 

And what can a corporate IT shop do that 
hired guns can’t? You can leverage your inti- 
mate knowledge of the business and how it 
works. You can build close relationships with 
users. You can really understand your company 
— how it really works, why decisions are really 
made, what customers really need. 

There are advantages to being part of the or- 
ganization. You’re close enough to spot situa- 
tions before they become problems 
and to recognize problems before 
they go critical. Outsiders have a 
harder time doing that. 

Outsiders — outsourcers — also 
have trouble being flexible when it’s 
firefighting time. They can’t react 
as quickly or throw as much exper- 
tise at sudden crises. They’ve got 
dozens or hundreds of corporate 
customers whose needs they have 
to juggle. You’ve got one. 

And outsourcers know where their 
primary responsibility lies: with 
their profit margins. They’ll always 





be looking for ways to maximize their own in- 
come, not your company’s success. Sure, they’ll 
want your company to succeed — they won’t 
get paid otherwise. But their customers’ success 
will always have to be priority No. 2 at best. 

For you, it can be Job 1. In fact, it had better be. 

Those are your competitive advantages. Oh, 
you’ve got one more: You already own your or- 
ganization’s IT work. Right now — and at least 
until your CEO starts thinking seriously about 
sending that work somewhere else — the job is 
yours to lose. 

So you still have the chance to make your IT 
shop competitive. You still have time to get in 
close with users, to think two steps ahead to 
spot what they’ll need, to fine-tune your proc- 
esses so you're delivering exactly what the busi- 
ness requires instead of the generic IT services 
an outsourcer provides. 

Most of all, you have the opportunity to make 
users, managers and executives happy with the 
quality and effectiveness of what they’re getting 
from your IT shop. Satisfied customers don’t 
look for a replacement — and they’ll pay a pre- 
mium if they’re sure they’re getting their mon- 

ey’s worth. That’s the strongest 
competitive advantage of all. 

And if you're really that focused 
on what your users and business 
need, you will be delivering their 
money’s worth — in a way you 
probably never would if you didn’t 
take the need to compete against 
outsourcing seriously. 

Sure, you can compete against 
outsourcers. You may even make it 
so tough for them to compete with 
your IT shop that they’! never 
have a chance. 

The real question is, will you? D 
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\s the world’s leading provider of business application software, we 
have an enormous responsibility to you, our customers. After all, you've 
entrusted your business’s future to our products — and our reputation. 


So we'd like to take a few moments to define our commitment to you. 


It’s not exactly an oath. But for us, it’s written in stone. 


We don’t rush SAP* solutions into the marketplace. They’re engi 


neered for stability and reliability, then tested and retested to ensure it. 


Which makes them the perfect choice for mission-critical business 
processes. Altogether, we spend more than $1 billion a year on research 


and development. Think of it as an investment in your peace of mind. 


We're constantly looking for new ways to help you reduce costs and 
limit your financial risk. 

Here’s one way: our breakthrough open technology platform, SAP 
NetWeaver It enables you to make use of your existing software invest 
ments, plus choose any software you want 1n the future SAP or non 
SAP. The result: significantly lower integration costs, as well as lower total 


cost of ow nership. 


What does a small pharmaceutical manufacturer have in common 
with a huge financial services company? Frankly, not a lot. Which is 


why we offer customized solutions for 23 different industries, as well as 


solutions scaled specifically for small and midsize businesses. After all, you 


want solutions that fit, not almost fit. 


Even the best software is useless without top-notch support. So we'll 
always stand behind you. In fact, 130,000 consultants will be behind you 
It’s called the SAP Customer Services Network 

They can help you strategically plan for, implement, operate, and 
continually improve solutions. Their goal is to maximize your return on 


investment and help you realize your objectives faster than ever 


We’ve been in business for over 31 years. Today, 29,000 of our em 
ployees are servicing 19,600 customers in 120 countries. As you can 
probably deduce from those numbers, we're committed to being your 
trusted partner for the long term. Evidently, that commitment has not 
gone unnoticed. As BusinessWeek Online recently commented: “In a world 


where being safe is sexy, SAP may be the biggest eye-catcher on the block? 


Lately, there’s been a lot of turmoil in our industry. Hopefully, you 
haven't been affected. 

But if you are, you should know that you have an alternative: a 
company whose main priority is its customers’ needs; a company that 
places the utmost importance on relationships; a company that will be 
here for you. 

If you'd like to talk to that company, call us at 1 800 940 1727 or visit 


sap.c om/commitment 


THE BEST-RUN BUSINESSES RUN 





’ ; , 


NOHO 


J 


T ] »? ny 


us ] 








HP. Standing at the forefront 
of the Linux revolution. 


Linux is all about open solutions. 
And so is HP. So naturally, HP has 
emerged as the worldwide leader in 
Linux solutions. By focusing on the 
key strength of Linux—open system 
environments—HP has been solving 
real business problems for more 
customers than anyone for 18 
quarters running, With HP hardware, 
software and over 4,000 Linux 
service experts ready to serve you, it's 
easy to see we're the Linux leader. 
And the ones you should call 
ome mom felts 

most business-critical 

applications 

easier to manage 

elm encom aoe 

Demand more. Demand HP for Linux. 


To see what HP and Linux can do for 
your business, try our TCO calculator 
at www.hp.com/go/demandlinux. 
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